iis_frag_disclosure #2

From: Noam Rathaus (noamrat_private)
Date: Sat Mar 29 2003 - 02:15:55 PST


    Hi,
    
    Here is an additional patch for the issue; the error 403 is not localized, nor
    generic enough (" 403 Forbidden " is accepted for example).
    
    6d5
    < # Patch to detect whether the Redirected is UNAUTHORIZED
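    Review bot: the direction of this diff looks reversed. The new header comment here, and the broader " 403 " test at line 66, sit on the "<" side, so as posted the patch turns the fixed script back into the original. Regenerate it as diff old new; a unified diff would also keep context and avoid the wrapped comment lines.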
    56d54
    <
    66c64
    <     if(" 403 " >< data)exit(0); # if default response is Access Forbidden, a
    false positive will result
    ---
    >     if(" 403 Access Forbidden" >< data)exit(0); # if default response is
    Access Forbidden, a false positive will result
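    Review bot: the " 403 " test on line 66 is applied to all of data, so that token appearing anywhere other than the status line also makes the script exit and can hide a real finding; restrict the match to the first line of the response. The trailing comment still says "Access Forbidden" although the check no longer depends on that phrase.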
    98,109d95
    <
    <     req = http_get(item:BaseURL, port:port);
    <     soc=http_open_socket(port);
    <
    <     send(socket:soc,data:req);
    <     data = http_recv(socket:soc);
    <
    <     if(" 403 " >< data)exit(0); # if default response is Access Forbidden, a
    false positive will result
    <     if(" 401 Unauthorized" >< data)exit(0);
    <     if("WWW-Authenticate" >< data)exit(0);
    <
    <     http_close_socket(soc);
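    Review bot: the " 401 Unauthorized" test still depends on the English reason phrase, the same problem the message raises for 403; " 401 " would cover localized responses too. Also, soc is passed to send() without checking that http_open_socket() succeeded, and the three exit(0) calls run before http_close_socket(soc) is reached.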
    
    Thanks
    Noam Rathaus
    CTO
    Beyond Security Ltd
    http://www.SecurITeam.com
    http://www.BeyondSecurity.com
    


