Vulnerability Development mailing list archives

Problems in Apache 1.3.22

From: Kerozene <kerozene () phreaker net>
Date: Thu, 7 Mar 2002 15:20:04 -0300

Hackemate Labs - Advisory
http://hackemate.com.ar research


This test was done in an Apache 1.3.22 with PHP/4.0.6
Installed in Windows 98 Second Edition:

When you make the next request, it takes you to the
index of the site, the main page, as if you hadn´t put
the bars. This request has 232 bars

http://127.0.0.1////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

OK

But if you make a request with 233 bars it shows you the
Forbidden messsage. Here is the request with 233 bars.

http://127.0.0.1/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

And the result:

Forbidden
You don't have permission to access 
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 on this server.


--------------------------------------------------------------------------------

Apache/1.3.22 Server at localhost Port 80


*****
Making this test I also realised that Internet Explorer doesn´t let
you put an adress of more than 2047 characters in the URL bar


Kerozene 1999-2002 c0oL!
kerozene () hackemate com ar
www.hackemate.com.ar

Current thread:

Problems in Apache 1.3.22 Kerozene (Mar 07)
- Re: Problems in Apache 1.3.22 Erik Parker (Mar 07)
- Re: Problems in Apache 1.3.22 Kerberus (Mar 07)
- <Possible follow-ups>
- Re: Problems in Apache 1.3.22 zeno (Mar 08)
- Re: Problems in Apache 1.3.22 Wodahs Latigid (Mar 08)