Re: [Full-disclosure] IIS 6.0 AUX.aspx DoS



Off-Topic:

AUX seems also to be a funny way to check if Apache server stands on
Windows host.

Google inurl:phpinfo.php apache cmd.exe
check:
/test (returns 404)
/AUX (returns 403 - !)

Google inurl:phpinfo.php apache /bin/sh
check:
/test (returns 404)
/AUX (returns 404)

Best regards,
Łukasz Pilorz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Re: Apache problem/question
    ... >access my apache server -> not to use http://localhost but to use ... i have tried to adjust the vhost section acording to the ... >guide in the apache web page, but when i try i get error 404. ... >should i install Apache 1.3.x? ...
    (comp.lang.php)
  • Re: question about network setup
    ... Others can use the public IP on your router and hit the apache server? ... If the answers to the above are yes, this is the way your router keeps the public IP separate from the private LAN ip's. ... MailScanner thanks transtec Computers for their support. ...
    (freebsd-questions)
  • more questions about apache configuration in Fedora Core 4 environment
    ... In apache 2.0, Port directive is gone. ... apache server listening to our web service request ... directives, one is Listen 900, another is Listen 9000, ...
    (Fedora)
  • Re: approaches to PHP-based application interface?
    ... One major advantage of sticking with PHP is that my fairly large ... stripped-down browser so it runs as a Windows application without any ... apache involvement. ... an apache server. ...
    (comp.lang.php)
  • Re: Viewing web content off-line (Apache) - default Oracle install of self-service apps
    ... You should encrypt the output from apache server, redirecting ports, and ... Viewing web content off-line (Apache) - default Oracle install of ... > irrelevant to a security list, so I am trying to reformulate to emphasize ... > being the "tweaking" of the browser in the security options, ...
    (Security-Basics)