Open Source and information security mailing list archives
 
From: novappc at novappc.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Possible Apache directory rules bypass / override

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I'm testing some things in Apache about the URL parsing of the server.
I don't know if the Apache server completely parses provided URLs when
those URLs are in this format:

[PROTOCOL HTTP / HTTPS ][SITE]/[DIR TO OVERRIDE RULES]/../[DIR TO
OVERRIDE RULES]/../[DIR TO OVERRIDE RULES]/../[DIR TO OVERRIDE
RULES]/../[DIR TO OVERRIDE RULES]/../../[DIR TO OVERRIDE
RULES]/../../../[DIR WITH NO RULES OR ACCESS CONTROL]/../[THE SAME NO
CONTROLLED DIR OR OTHER NOT CONTROLLED]/../../../../[DIR WITH NO
CONTROL RULES]/../

If this is possible, it can't affect IP-based access controls,
but other controls can be affected, or not?

This is not a vulnerability because I can't confirm it, but I want to
check the source code. I'm open to
suggestions.

I'm posting this because I'm a little confused. Another
possibility: what if the URL is encoded? Does Apache check
this correctly when it is encoded?

One thing is sure: this cannot affect IP-based rules such as deny
or allow.

PS: can this be related to the mod_write vulnerabilities?

Regards, 

- ------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
- ---       Security Consultant           ---
- ------------------NSRGroup-------------------
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1  4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
NSRGroup 
( No Secure Root Group Security Research Team ) /
( NovaPPC Security Research Group )
http://security.novappc.com
______________________

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBP3hU8PKXc1fYDvGLEQLw/ACfUvIWyT86kiKZyctrzCwRiuuZTU0AoOyG
KWV9sdRESwgz1pQbenNAoDhb
=NjBX
-----END PGP SIGNATURE-----
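
The question in the message above, whether path-based rules see the same path the server finally serves, can be checked with a small canonicalization routine. This is an added example, not part of the original post and not Apache's code; the rule table, function names and sample paths are constructed for illustration.

```python
from urllib.parse import unquote

# Hypothetical rule table for this example: URL prefixes with access rules.
PROTECTED_PREFIXES = ("/private/", "/admin/")

def canonicalize(raw_path: str) -> str:
    """Percent-decode once, then collapse '.' and '..' segments."""
    path = unquote(raw_path)
    if unquote(path) != path:
        # A second decode still changes the path: reject, do not guess.
        raise ValueError("double-encoded path")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    stack = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                raise ValueError("path climbs above document root")
            stack.pop()
        else:
            stack.append(seg)
    trailing = "/" if stack and path.endswith(("/", "/.", "/..")) else ""
    return "/" + "/".join(stack) + trailing

def naive_is_protected(raw_path: str) -> bool:
    """Weak check: matches rules against the raw request path."""
    return raw_path.startswith(PROTECTED_PREFIXES)

def is_protected(raw_path: str) -> bool:
    """Corrected check: matches rules against the canonical path."""
    canon = canonicalize(raw_path)
    return any(canon == p.rstrip("/") or canon.startswith(p)
               for p in PROTECTED_PREFIXES)

if __name__ == "__main__":
    # Constructed sample paths in the shape described in the message.
    for p in ("/public/../private/secret.html",
              "/public/%2e%2e/private/secret.html",
              "/private/../private/../public/../"):
        print(p, "->", canonicalize(p), naive_is_protected(p), is_protected(p))
```

A rule engine that matches on the raw path and one that matches on the canonical path disagree on the first two samples, which is the condition an audit should look for.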


