Bugtraq mailing list archives

Re: Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS

From: Stephen Cope <mail-e-e4f9ad24cc1631d595 () kimihia org nz>
Date: Sat, 28 Jul 2001 11:49:30 +1200

Brian Dinello wrote:
: Old news:  As the vulnerability's description describes, any user
: with a web browser can obtain directory listing of the Apache http
: root directory, even if the directory contains an index.html file and
: is password protected.  

$ lynx -head -dump http://server:8080/
HTTP/1.0 200 OK
Date: Fri, 27 Jul 2001 23:45:50 GMT
Server: Apache/1.3.20 (Unix) PHP/4.0.6

Using Matt Watchinski's 'Apache Overflow' script on the same server above
I get the result:

Found the magic number: 8171

Checking by hand, yes indeed, the directory listing is displayed.

Although I toyed around with it by hand, I wasn't able to get into any
password protected directories like this:

: Download an Arbitrary file:
: http://15.16.17.18////////////////////////////////////////////////////
: ////thisfile.txt

-- 
Stephen Cope - http://sdc.org.nz/

Current thread:

Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS Brian Dinello (Jul 26)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Moorjani uday (Jul 27)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS Stephen Cope (Jul 28)