Bugtraq mailing list archives
Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
From: "SDL Office" <bugtraq () sentry-labs com>
Date: Sun, 24 Jun 2001 22:08:42 +0200
I really noticed many people (not only small servers, also some realyl big ones who should know better) are still running vulnerable verions of Apache and noticed some things I disliked when testing this exploit, so I rewrote a lot of it's code. Now it will also work if executed from a Windows box. I also made it much esaier to use. I hope you, who are intreted in testing this issue, will enjoy it. File is attached. Here is a change log: - help added (more user firendly :-) ) - messages added - exploit is now able to be executed on WinNT or 2k. - uses perl version of BSD sockets (compatible to Windows) Siberian (www.sentry-labs.com) P.S.: Yes, I really got too much free time :-P. Took about 30 min. to rewrite. ----- Original Message ----- From: Matt Watchinski <matt () farm9 com> To: <bugtraq () securityfocus com> Sent: Wednesday, June 13, 2001 9:44 AM Subject: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
#!/usr/bin/perl
[snip]
# Name: Apache Artificially Long Slash Path Directory Listing Exploit # Author: Matt Watchinski # Ref: SecurityFocus BID 2503
[snip]
Attachment:
apache2.pl
Description:
Current thread:
- Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit SDL Office (Jun 24)
- <Possible follow-ups>
- Re: Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit rain forest puppy (Jun 29)