Penetration Testing mailing list archives

Re: uploading files to Apache webserver

From: mel <meling () scan-associates net>
Date: Thu, 18 Oct 2001 09:14:24 +0800

have you tested the PUT script so it is known working ?


it turns out that that particular directory, will give the same
HTML page no matter what html request I give:

http://victim/dir/  will return a default HTML page (which is actually
an output of some CGIs for debugging)
http://victim/dir/1.txt returns the same thing as above
http://victim/dir/non_existent_file returns the same as above

Thus /dir is mapped to a virtual directory or file (I'm not sure how this is
done in Apache)

--mel 
meling mudin (meling () scan-associates net)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

uploading files to Apache webserver mel (Oct 17)
- <Possible follow-ups>
- Re: uploading files to Apache webserver dzzie (Oct 17)
  - Re: uploading files to Apache webserver mel (Oct 18)