[HACK] apache chunk vuln

zero zeroboy at arrakis.es
Thu Jun 20 15:30:07 CEST 2002


Hi everyone,
         I imagine you have already heard about the latest Apache bug.
Well, in theory, according to the experts, it was very difficult to exploit
the bug on *nix platforms, and the bigger problem was on win32 platforms.
Naturally, Gobbles, just to be contrary, has released a remote exploit for
OBSD, demonstrating that it is feasible there too.
         More and more exploits can be expected to appear. I have been
testing the Gobbles one and have not managed to get it working; I will
probably have to change some offset. In any case, this is what the Apache
logs look like when the exploit is run with brute force:

access.log:

x.x.x.x - - [20/Jun/2002:09:36:29 +0000] "GET / HTTP/1.1" 400 383
x.x.x.x - - [20/Jun/2002:10:13:51 +0000] "GET / HTTP/1.1" 400 383
x.x.x.x - - [20/Jun/2002:10:27:43 +0000] "GET / HTTP/1.1" 400 383
x.x.x.x - - [20/Jun/2002:10:55:29 +0000] "GET / HTTP/1.1" 400 383
x.x.x.x - - [20/Jun/2002:11:17:00 +0000] "GET / HTTP/1.1" 400 383
x.x.x.x - - [20/Jun/2002:11:39:02 +0000] "GET / HTTP/1.1" 400 383

error.log:

[Thu Jun 20 10:13:51 2002] [error] [client x.x.x.x] request failed: error reading the headers
[Thu Jun 20 10:27:43 2002] [error] [client x.x.x.x] request failed: error reading the headers
[Thu Jun 20 10:55:29 2002] [error] [client x.x.x.x] request failed: error reading the headers
[Thu Jun 20 11:17:00 2002] [error] [client x.x.x.x] request failed: error reading the headers
[Thu Jun 20 11:39:02 2002] [error] [client x.x.x.x] request failed: error reading the headers

[Thu Jun 20 11:39:54 2002] [notice] child pid 2832 exit signal Segmentation fault (11)

This is what I get on my patched Linux machine:

[Thu Jun 20 13:51:09 2002] [error] [client x.x.x.x] chunked Transfer-Encoding forbidden: /index.php
[Thu Jun 20 13:51:12 2002] [error] [client x.x.x.x] chunked Transfer-Encoding forbidden: /index.php
[Thu Jun 20 13:51:15 2002] [error] [client x.x.x.x] chunked Transfer-Encoding forbidden: /index.php

my two cents

Regards

www.citfi.org
www.podergeek.com
**********************************
"The further backward you look, the further forward you can see" Winston 
Churchill
"Access is GOD..."
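Added example (not part of the original post, and not code from its author): a small Python pass over an error_log in the format quoted above that counts, per client, the two error messages shown and links each child segfault to the most recent header-read failure. The 5-minute correlation window, the function names and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# error_log entry as quoted in the post: [timestamp] [level] [client ip]? message
LINE = re.compile(r"\[(?P<ts>[^\]]+)\] \[\w+\] (?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)")
SEGV = re.compile(r"child pid (\d+) exit signal Segmentation fault \(11\)")
HEADER_FAIL = "request failed: error reading the headers"
CHUNK_BLOCKED = "chunked Transfer-Encoding forbidden"

# Constructed sample: entries in the format quoted in the post, wrapped as in the
# e-mail, with the documentation address 192.0.2.10 in place of the masked client.
SAMPLE = """\
[Thu Jun 20 11:17:00 2002] [error] [client 192.0.2.10] request failed: error
reading the headers
[Thu Jun 20 11:39:02 2002] [error] [client 192.0.2.10] request failed: error
reading the headers
[Thu Jun 20 11:39:54 2002] [notice] child pid 2832 exit signal
Segmentation fault (11)
[Thu Jun 20 13:51:09 2002] [error] [client 192.0.2.10] chunked
Transfer-Encoding forbidden: /index.php
"""

def unwrap(text):
    """Rejoin wrapped entries: a line not starting with '[' continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def analyse(text, window=timedelta(minutes=5)):
    """Count per-client indicators and tie each child segfault to the last header failure."""
    stats = defaultdict(lambda: {"header_fail": 0, "chunk_blocked": 0})
    crashes, last_fail = [], None
    for m in filter(None, map(LINE.match, unwrap(text))):
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if m["client"] and HEADER_FAIL in m["msg"]:
            stats[m["client"]]["header_fail"] += 1
            last_fail = (ts, m["client"])
        elif m["client"] and CHUNK_BLOCKED in m["msg"]:
            stats[m["client"]]["chunk_blocked"] += 1
        elif seg := SEGV.search(m["msg"]):
            near = last_fail is not None and ts - last_fail[0] <= window
            crashes.append({"pid": int(seg[1]), "suspect": last_fail[1] if near else None})
    return dict(stats), crashes
```

A segfault entry carries no client address, so the "suspect" field is only a time-based correlation and should be checked against access.log before acting on it.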