I really noticed many people (not only small servers, also some realyl big ones who should know better) are still running vulnerable verions of Apache and noticed some things I disliked when testing this exploit, so I rewrote a lot of it's code. Now it will also work if executed from a Windows box. I also made it much esaier to use. I hope you, who are intreted in testing this issue, will enjoy it. File is attached. Here is a change log: - help added (more user firendly :-) ) - messages added - exploit is now able to be executed on WinNT or 2k. - uses perl version of BSD sockets (compatible to Windows) Siberian (www.sentry-labs.com) P.S.: Yes, I really got too much free time :-P. Took about 30 min. to rewrite. ----- Original Message ----- From: Matt Watchinski <mattat_private> To: <bugtraqat_private> Sent: Wednesday, June 13, 2001 9:44 AM Subject: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit > #!/usr/bin/perl [snip] > # Name: Apache Artificially Long Slash Path Directory Listing Exploit > # Author: Matt Watchinski > # Ref: SecurityFocus BID 2503 [snip]
This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 14:59:47 PDT