Jump to content


Photo

http://www.myserver/?N=D


  • Please log in to reply
2 replies to this topic

#1 cyber_amnesia

cyber_amnesia
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 04 February 2003 - 03:39 PM

Hello everybody.. I was checking the logs of my server and I found that somebody was using \"?N=D\" at the end of the URL. I tried it and that enable to see all the files and directories on my server..... I have the feeling that my Apache configuration is missing something... Can sobody help me out . PLease

Thank you in advance

#2 effigy

effigy
  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 04 February 2003 - 10:32 PM

interesting... i\'m trying to hunt this down... a few questions:

- what apache version?
- what OS are you running apache on?
- does this directory contain an index file?
- does this directory have the Indexes option set?
Regexp | Unicode Article | Letter Database
/\A(e)?((1)?ff(?:(?:ig)?y)?|f(?:ig)?)\z/

#3 effigy

effigy
  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 04 February 2003 - 10:41 PM

http://cve.mitre.org...e=CAN-2001-0731
it says this issue was fixed in apache 1.3.22
Regexp | Unicode Article | Letter Database
/\A(e)?((1)?ff(?:(?:ig)?y)?|f(?:ig)?)\z/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users