On 8/24/06, Jeremy Kelley <jeremy@xxxxxxxx> wrote:
> So my question is, the note states:
>
> For example, rules with this format expose the vulnerability
>
>     RewriteRule fred/(.*) $1
>
> While rules with this format do not expose the vulnerability:
>
>     RewriteRule fred/(.*) joe/$1
>
> So my question is: Is it the fact that there is not any other explicit
> path to be re-written that makes the first case vulnerable?
No. It is specifically the fact that you are able to control the very first part of the target path, so as to insert the string ldap:// at the very beginning.
> For example, would this statement be vulnerable?
>
>     RewriteRule fred/(.*) http://www.joe.com/$1
That is not vulnerable.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
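
An added example, not part of the original thread and not Apache's own tooling: a small Python audit that applies the distinction from the reply above, flagging RewriteRule lines whose substitution begins with a backreference, so that the request decides the first characters of the target. The function names and the sample configuration are constructed for illustration, and treating a leading %N (RewriteCond backreference) like $N is an assumption that goes beyond the cases discussed in the thread.

```python
import re

# Directive arguments are either double-quoted strings or bare words.
_ARG = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')
# Substitution that *starts* with a backreference: $N (RewriteRule group)
# or %N (RewriteCond group; assumption, not discussed in the thread).
_LEADING_BACKREF = re.compile(r'^[$%]\d')


def parse_rewrite_rule(line):
    """Return (pattern, substitution) for a RewriteRule line, else None."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    args = [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _ARG.finditer(line)]
    if len(args) < 3 or args[0].lower() != 'rewriterule':
        return None
    return args[1], args[2]


def request_controls_prefix(line):
    """True when the captured request text forms the start of the target."""
    parsed = parse_rewrite_rule(line)
    return parsed is not None and bool(_LEADING_BACKREF.match(parsed[1]))


def audit(config_text):
    """Return [(line_number, directive)] for rules that need review."""
    return [(n, line.strip())
            for n, line in enumerate(config_text.splitlines(), 1)
            if request_controls_prefix(line)]


# Constructed sample: the three rules from the thread plus a quoted variant.
SAMPLE = "\n".join([
    'RewriteEngine On',
    'RewriteRule fred/(.*) $1',                      # exposed per the note
    'RewriteRule fred/(.*) joe/$1',                  # fixed prefix "joe/"
    'RewriteRule fred/(.*) http://www.joe.com/$1',   # fixed scheme and host
    '# RewriteRule old/(.*) $1',                     # commented out, ignored
    'RewriteRule "docs/(.*)" "$1" [L]',              # same shape, quoted
])

if __name__ == '__main__':
    for number, directive in audit(SAMPLE):
        print(f'line {number}: substitution starts with a backreference: '
              f'{directive}')
```
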