Remote Apache 1.3.x Exploit

From: gobblesat_private
Date: Wed Jun 19 2002 - 12:45:24 PDT

  • Next message: Edwin Groothuis: "Re: apache chunked encoding"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    This is for immediate release.  This may not be sent to any "advanced warning system", such as ARIS.  This was written for the community, and not just a few companies with deep pockets full of the big dollar.
    
    Attached is a remote Apache 1.3.X exploit for the "chunking" vulnerability.  This version of the exploit works only on OpenBSD.  "Experts" have argued as to why this is not exploitable on x86/*nix.  This version of the exploit has been modified to convince these "experts" that they are wrong.  Further, it is very ./friendly and all scriptkids/penetration testers should be able to run it without any trouble.
    
    My God have mercy on our souls.
    
    - -GOBBLES Security
    
    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.1
    Note: This signature can be verified at https://www.hushtools.com
    
    wlwEARECABwFAj0Q3g8VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAP7R0A
    nRyuMq0D8z0T6bg++HH27mGXyPqlAJ9l6Qv8h/5+2pvnn6nJ+sUUZdeebw==
    =5v5m
    -----END PGP SIGNATURE-----
    
    
    




    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 18:01:09 PDT