Bugtraq mailing list archives

Re: Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit


From: rain forest puppy <rfp () wiretrip net>
Date: Thu, 28 Jun 2001 18:06:52 -0500 (CDT)


Well, I might as well have my hand in recoding this exploit. ;)

Attached is apache3.pl, which is a recoded version of Siberian's recode of
Matt Watchinski's exploit.  My version uses libwhisker, which allows the
exploit to have HTTP/1.1, proxy, and SSL support automatically.  Basic
support (not including SSL) should work for any platform having Perl.

To use the attached exploit, you'll need a copy of libwhisker.  The latest
is pr3, downloadable at:
http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=7

You can either grab the developer tarball and build/install it, or just
grab the libwhisker.pm, put it in the same directory as the apache3.pl,
and just run apache3.pl--perl will use the libwhisker.pm module in the
same directory.

For SSL support, you'll need either Crypt::SSLeay or Net::SSLeay installed
(which may require OpenSSL).  I think ActiveState has ported
Crypt::SSLeay/Net::SSL (not Net::SSLeay) over to Windows, so Windows users
should have SSL support as well.

If anyone is interested in libwhisker and further using it, consider
joining the whisker-devel mailing list at:
http://sourceforge.net/projects/whisker/

And as always, feedback always welcome.  See everyone at BlackHat/DefCon!

- rfp

Attachment: apache3.pl