I really noticed many people (not only small servers, also some realyl big
ones who should know better) are still running vulnerable verions of Apache
and noticed some things I disliked when testing this exploit, so I rewrote
a
lot of it's code. Now it will also work if executed from a Windows box. I
also made it much esaier to use. I hope you, who are intreted in testing
this issue, will enjoy it. File is attached.
Here is a change log:
- help added (more user firendly :-) )
- messages added
- exploit is now able to be executed on WinNT or 2k.
- uses perl version of BSD sockets (compatible to Windows)
Siberian
(www.sentry-labs.com)
P.S.: Yes, I really got too much free time :-P. Took about 30 min. to
rewrite.
----- Original Message -----
From: Matt Watchinski <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 13, 2001 9:44 AM
Subject: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory
Listing Exploit
> #!/usr/bin/perl
[snip]
> # Name: Apache Artificially Long Slash Path Directory Listing Exploit
> # Author: Matt Watchinski
> # Ref: SecurityFocus BID 2503
[snip]
apache2.pl