Vulnerability Development mailing list archives
Re: Problems in Apache 1.3.22
From: Kerberus <kerberus () microbsd net>
Date: 07 Mar 2002 17:05:53 -0500
Advisory for what ?? Doesn't do anything on my box but serve the requested page http://127.0.0.1/ looks to me like it ignores the rest

FreeBSD dunno.somehost.com 4.5-STABLE FreeBSD 4.5-STABLE #13: Fri Feb 22 17:06:28 EST 2002 root () dunno somehost com:/usr/obj/usr/src/sys/LOCKED i386

httpd -v
Server version: Apache/1.3.23 (Unix)
Server built: Jan 28 2002 13:10:29

httpd -V
Server version: Apache/1.3.23 (Unix)
Server built: Jan 28 2002 13:10:29
Server's Module Magic Number: 19990320:11
Server compiled with....
 -D HAVE_MMAP
 -D USE_MMAP_SCOREBOARD
 -D USE_MMAP_FILES
 -D HAVE_FLOCK_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D SO_ACCEPTFILTER
 -D ACCEPT_FILTER_NAME="httpready"
 -D HTTPD_ROOT="/usr/local"
 -D SUEXEC_BIN="/usr/local/sbin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="/var/run/httpd.lock"
 -D DEFAULT_XFERLOG="/var/log/httpd-access.log"
 -D DEFAULT_ERRORLOG="/var/log/httpd-error.log"
 -D TYPES_CONFIG_FILE="etc/apache/mime.types"
 -D SERVER_CONFIG_FILE="etc/apache/httpd.conf"
 -D ACCESS_CONFIG_FILE="etc/apache/access.conf"
 -D RESOURCE_CONFIG_FILE="etc/apache/srm.conf"

On Thu, 2002-03-07 at 13:20, Kerozene wrote:
Hackemate Labs - Advisory http://hackemate.com.ar research This test was done in an Apache 1.3.22 with PHP/4.0.6 Installed in Windows 98 Second Edition: When you make the next request, it takes you to the index of the site, the main page, as if you hadn´t put the bars. This request has 232 bars http://127.0.0.1//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// OK But if you make a request with 233 bars it shows you the Forbidden messsage. Here is the request with 233 bars. http://127.0.0.1///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// And the result: Forbidden You don't have permission to access ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// on this server. -------------------------------------------------------------------------------- Apache/1.3.22 Server at localhost Port 80 ***** Making this test I also realised that Internet Explorer doesn´t let you put an adress of more than 2047 characters in the URL bar Kerozene 1999-2002 c0oL! kerozene () hackemate com ar www.hackemate.com.ar