Brian Dinello wrote:
: Old news: As the vulnerability's description describes, any user
: with a web browser can obtain directory listing of the Apache http
: root directory, even if the directory contains an index.html file and
: is password protected.
$ lynx -head -dump http://server:8080/
HTTP/1.0 200 OK
Date: Fri, 27 Jul 2001 23:45:50 GMT
Server: Apache/1.3.20 (Unix) PHP/4.0.6
Using Matt Watchinski's 'Apache Overflow' script on the same server above
I get the result:
Found the magic number: 8171
Checking by hand, yes indeed, the directory listing is displayed.
Although I toyed around with it by hand, I wasn't able to get into any
password protected directories like this:
: Download an Arbitrary file:
: http://15.16.17.18////////////////////////////////////////////////////
: ////thisfile.txt
--
Stephen Cope - http://sdc.org.nz/
