Posted to dev@httpd.apache.org by Michael Douglass <mi...@texas.net> on 1997/01/11 19:18:08 UTC

extra long URL attack (fwd)

I tested this on 1.1.1 and it does, in fact, work.  The only question is
what else (besides getting an index of /) can this be used for.  I checked
to make sure you weren't already discussing this and only found the talk
about the mod_cookie.c bug; unless I missed this one somewhere.

(Just making sure y'all don't miss one)

Michael Douglass
Texas Networking, Inc.

 "The past is a foreign country; they do things differently there."
      L. P. Hartley, British author. The Go-Between, Prologue (1953).

---------- Forwarded message ----------
Date: Fri, 10 Jan 1997 22:43:10 -0800
From: strick -- henry strickland <st...@versant.com>
To: Multiple recipients of list BUGTRAQ <BU...@NETSPACE.ORG>
Subject: extra long URL attack

I don't know about CGI attacks, but this extra long URL to
my site running
        Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1.
will show you the raw contents of the top directory
rather than the /index.html file (using Netscape Navigator 3.0 solaris
for a browser).

I've always wondered how safe it was to count on nobody seeing
past your index.html -- now I know.  I wonder if some variant
will get you the root directory of my entire filesystem instead
of just the top directory of my web.  I knew I should have
chrooted this stuff....

szia, strick

