Bugtraq mailing list archives

Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit


From: "SDL Office" <bugtraq () sentry-labs com>
Date: Sun, 24 Jun 2001 22:08:42 +0200

I really noticed many people (not only small servers, also some really big
ones who should know better) are still running vulnerable versions of Apache
and noticed some things I disliked when testing this exploit, so I rewrote a
lot of its code. Now it will also work if executed from a Windows box. I
also made it much easier to use. I hope you, who are interested in testing
this issue, will enjoy it. File is attached.

 Here is a change log:

 - help added (more user friendly :-) )
 - messages added
 - exploit is now able to be executed on WinNT or 2k.
 - uses perl version of BSD sockets (compatible to Windows)

 Siberian
 (www.sentry-labs.com)

 P.S.: Yes, I really got too much free time :-P. Took about 30 min. to
 rewrite.

 ----- Original Message -----
 From: Matt Watchinski <matt () farm9 com>
 To: <bugtraq () securityfocus com>
 Sent: Wednesday, June 13, 2001 9:44 AM
 Subject: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory
 Listing Exploit


#!/usr/bin/perl
 [snip]
# Name: Apache Artificially Long Slash Path Directory Listing Exploit
# Author: Matt Watchinski
# Ref: SecurityFocus BID 2503
[snip]


Attachment: apache2.pl