Advisory for what ?? Doesnt do anything on my box but server the requested page http://127.0.0.1/ looks to me like it ignores the rest FreeBSD dunno.somehost.com 4.5-STABLE FreeBSD 4.5-STABLE #13: Fri Feb 22 17:06:28 EST 2002 rootat_private:/usr/obj/usr/src/sys/LOCKED i386 httpd -v Server version: Apache/1.3.23 (Unix) Server built: Jan 28 2002 13:10:29 httpd -V Server version: Apache/1.3.23 (Unix) Server built: Jan 28 2002 13:10:29 Server's Module Magic Number: 19990320:11 Server compiled with.... -D HAVE_MMAP -D USE_MMAP_SCOREBOARD -D USE_MMAP_FILES -D HAVE_FLOCK_SERIALIZED_ACCEPT -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D SO_ACCEPTFILTER -D ACCEPT_FILTER_NAME="httpready" -D HTTPD_ROOT="/usr/local" -D SUEXEC_BIN="/usr/local/sbin/suexec" -D DEFAULT_PIDLOG="/var/run/httpd.pid" -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard" -D DEFAULT_LOCKFILE="/var/run/httpd.lock" -D DEFAULT_XFERLOG="/var/log/httpd-access.log" -D DEFAULT_ERRORLOG="/var/log/httpd-error.log" -D TYPES_CONFIG_FILE="etc/apache/mime.types" -D SERVER_CONFIG_FILE="etc/apache/httpd.conf" -D ACCESS_CONFIG_FILE="etc/apache/access.conf" -D RESOURCE_CONFIG_FILE="etc/apache/srm.conf" On Thu, 2002-03-07 at 13:20, Kerozene wrote: > Hackemate Labs - Advisory > http://hackemate.com.ar research > > > This test was done in an Apache 1.3.22 with PHP/4.0.6 > Installed in Windows 98 Second Edition: > > When you make the next request, it takes you to the > index of the site, the main page, as if you hadnīt put > the bars. This request has 232 bars > > http://127.0.0.1//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > OK > > But if you make a request with 233 bars it shows you the > Forbidden messsage. Here is the request with 233 bars. > > http://127.0.0.1///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > And the result: > > Forbidden > You don't have permission to access ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// on this server. > > > -------------------------------------------------------------------------------- > > Apache/1.3.22 Server at localhost Port 80 > > > ***** > Making this test I also realised that Internet Explorer doesnīt let > you put an adress of more than 2047 characters in the URL bar > > > Kerozene 1999-2002 c0oL! > kerozeneat_private > www.hackemate.com.ar > >
This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 14:24:53 PST