Brian Dinello wrote:

: Old news: As the vulnerability's description describes, any user
: with a web browser can obtain directory listing of the Apache http
: root directory, even if the directory contains an index.html file and
: is password protected.

$ lynx -head -dump http://server:8080/
HTTP/1.0 200 OK
Date: Fri, 27 Jul 2001 23:45:50 GMT
Server: Apache/1.3.20 (Unix) PHP/4.0.6

Using Matt Watchinski's 'Apache Overflow' script on the same server above
I get the result:

Found the magic number: 8171

Checking by hand, yes indeed, the directory listing is displayed.

Although I toyed around with it by hand, I wasn't able to get into
any password protected directories like this:

: Download an Arbitrary file:
: http://15.16.17.18////////////////////////////////////////////////////
: ////thisfile.txt

--
Stephen Cope - http://sdc.org.nz/
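For anyone who wants to check their own access logs for the long-slash requests discussed in this thread, the following is an added example, not part of the original post or of any script it mentions. It assumes Common Log Format; the threshold of 100 slashes, the function names and the sample log lines are all constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
SLASH_RUN = re.compile(r'/+')
THRESHOLD = 100  # assumed cut-off: ordinary URLs rarely repeat '/' more than twice


def longest_slash_run(target):
    """Length of the longest run of consecutive '/' in the path (query ignored)."""
    path = target.split('?', 1)[0]
    return max((len(m.group()) for m in SLASH_RUN.finditer(path)), default=0)


def flag_slash_requests(lines, threshold=THRESHOLD):
    """Return one record per request whose path holds a slash run >= threshold."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        host, method, target, status = m.groups()
        run = longest_slash_run(target)
        if run >= threshold:
            hits.append({
                "host": host,
                "method": method,
                "slashes": run,
                "status": int(status),
                # 200 means the server answered the request instead of refusing it
                "served": status == "200",
            })
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [27/Jul/2001:23:45:50 +0000] "GET /index.html HTTP/1.0" 200 1042',
    '192.0.2.44 - - [27/Jul/2001:23:46:02 +0000] "GET ' + '/' * 8171 + ' HTTP/1.0" 200 3310',
    '192.0.2.44 - - [27/Jul/2001:23:46:09 +0000] "GET ' + '/' * 4000 + ' HTTP/1.0" 403 280',
    '192.0.2.10 - - [27/Jul/2001:23:47:12 +0000] "GET //docs//a.txt HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in flag_slash_requests(SAMPLE):
        print(hit)
```

Records with "served" set to True are the ones to look at first, since the server returned content for a request that no normal client would send.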
This archive was generated by hypermail 2b30 : Fri Jul 27 2001 - 19:51:03 PDT