Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: IBM AS/400 HTTP Server '/' attack
From: "Felix Huber" <huberfelix () webtopia de>
Date: Thu, 8 Nov 2001 22:30:09 +0100

Hi,

you can detect such a server very easily:

----------------------------------------
GET /index.html HTTP/1.0

HTTP/1.0 200 OK
Server: IBM-HTTP-Server/1.0
....
Content-Type: text/html
----------------------------------------

----------------------------------------
GET /index.html/ HTTP/1.0


HTTP/1.0 200 OK
Server: IBM-HTTP-Server/1.0
....
Content-Type: www/unknown <------- here
----------------------------------------

A NASL Script is attached...


Regards,
Felix Huber


-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelix () webtopia de     (07668)  951 156 (phone)
http://www.webtopia.de     (07668)  951 157 (fax)
                                         (01792)  205 724 (mobile)
-------------------------------------------------------

   IBM's HTTP Server on the AS/400 platform is vulnerable to an attack
that will show the source code of the page -- such as an .html or .jsp
page -- by attaching an '/' to the end of a URL.

Compare these two URL's:

http://www.foo.com/getsource.jsp

http://www.foo.com/getsource.jsp/

The later URL will deliver the jsp source to the browser.

I reported this problem to IBM approximately 9 or 10 months ago.

Attachment: ibm_server_code.nasl
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault