From: Felix Huber (huberfelixwebtopia.de)
Date: Thu Nov 08 2001 - 15:30:09 CST

    Hi,

    you can detect such a server very easily:

    ----------------------------------------
    GET /index.html HTTP/1.0

    HTTP/1.0 200 OK
    Server: IBM-HTTP-Server/1.0
    ....
    Content-Type: text/html
    ----------------------------------------

    ----------------------------------------
    GET /index.html/ HTTP/1.0

    HTTP/1.0 200 OK
    Server: IBM-HTTP-Server/1.0
    ....
    Content-Type: www/unknown <------- here
    ----------------------------------------

    A NASL Script is attached...

    Regards,
    Felix Huber

    -------------------------------------------------------
    Felix Huber, Security Consultant, Webtopia
    Guendlinger Str.2, 79241 Ihringen - Germany
    huberfelixwebtopia.de (07668) 951 156 (phone)
    http://www.webtopia.de (07668) 951 157 (fax)
                                             (01792) 205 724 (mobile)
    -------------------------------------------------------

    > IBM's HTTP Server on the AS/400 platform is vulnerable to an attack
    > that will show the source code of the page -- such as an .html or .jsp
    > page -- by attaching an '/' to the end of a URL.
    >
    > Compare these two URLs:
    >
    > http://www.foo.com/getsource.jsp
    >
    > http://www.foo.com/getsource.jsp/
    >
    > The latter URL will deliver the jsp source to the browser.
    >
    > I reported this problem to IBM approximately 9 or 10 months ago.
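
The comparison described in the message above, as an added example that is not part of the original post or its attached NASL script: it classifies a pair of already-captured responses (the page, then the same page with a trailing slash) by whether the Content-Type flips to `www/unknown`. The function names, verdict strings and sample responses are constructed for illustration, and using the Server banner only to raise confidence is an assumption.

```python
def parse_response(raw: bytes):
    """Return (status_code, headers) from a raw HTTP response; header names lowercased."""
    text = raw.decode("iso-8859-1").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")
    parts = lines[0].split(None, 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def media_type(headers):
    """Content-Type without parameters such as charset."""
    return headers.get("content-type", "").split(";")[0].strip().lower()


def classify(plain_raw: bytes, slash_raw: bytes) -> str:
    """Compare the reply for /page with the reply for /page/ (trailing slash)."""
    s_plain, h_plain = parse_response(plain_raw)
    s_slash, h_slash = parse_response(slash_raw)
    if s_plain != 200 or s_slash != 200:
        return "not-affected"          # slash variant refused or page missing
    if media_type(h_slash) != "www/unknown" or media_type(h_plain) == "www/unknown":
        return "not-affected"          # type did not flip as shown in the post
    # Assumption: the banner only raises confidence, since a server can hide it.
    if "ibm-http-server" in h_slash.get("server", "").lower():
        return "affected"
    return "suspicious"


# Constructed sample responses (not captured from a real host).
PLAIN = b"HTTP/1.0 200 OK\r\nServer: IBM-HTTP-Server/1.0\r\nContent-Type: text/html\r\n\r\n<html></html>"
SLASH = b"HTTP/1.0 200 OK\r\nServer: IBM-HTTP-Server/1.0\r\nContent-Type: www/unknown\r\n\r\n<% source %>"
# Hypothetical server that rejects the trailing-slash form.
REJECT = b"HTTP/1.0 404 Not Found\r\nServer: IBM-HTTP-Server/1.0\r\nContent-Type: text/html\r\n\r\n"
# Banner removed, bare-LF line endings, mixed-case type with a parameter.
NO_BANNER = b"HTTP/1.0 200 OK\nContent-Type: WWW/Unknown; q=1\n\nraw"

if __name__ == "__main__":
    for label, slash in (("flipped", SLASH), ("rejected", REJECT), ("no banner", NO_BANNER)):
        print(label, "->", classify(PLAIN, slash))
```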