Bugtraq mailing list archives
Re: extra long URL attack
From: marcs () znep com (Marc Slemko)
Date: Sat, 11 Jan 1997 14:02:02 -0700
On Fri, 10 Jan 1997, strick -- henry strickland wrote:
I don't know about CGI attacks, but this extra long URL to
my site running
Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1.
will show you the raw contents of the top directory
rather than the /index.html file (using Netscape Navigator 3.0 solaris
for a browser).
This is dependent on the implementation of the stat(2) call. Apache currently assumes that if stating the translated path fails, no index file exists so it should generate one. However, some stats will fail if the path is longer than a certain limit. This should be fixed in a release within the next few days or so.
i've always wondered how safe it was to count on nobody seeing past your index.html -- now i know. I wonder if some varient will get you the root directory of my entire filesystem instead of just the top directory of my web. I knew I should have chrooted this stuff....
It is unlikely that this particular hole could do that, but chrooting your web server is seldom a bad thing when you can pull it off.
Current thread:
- not so false alarm: query cgi problem Apropos of Nothing (Jan 10)
- Re: not so false alarm: query cgi problem M Lyons (Jan 10)
- extra long URL attack strick -- henry strickland (Jan 10)
- Re: extra long URL attack John Robert LoVerso (Jan 11)
- Re: extra long URL attack Jyri Kaljundi (Jan 11)
- Re: extra long URL attack M Shariful Anam (Jan 11)
- Re: extra long URL attack Marc Slemko (Jan 11)
- Security release: Apache 1.1.2 Brian Behlendorf (Jan 12)
- Apache 1.1.1 overflow David Sacerdote (Jan 12)
- AIX for PowerPC exploit Georgi Guninski (Jan 12)
