Determine script name behind a mod_rewrite

-
Qouted from here : http://ptresearch.blogspot.com/2010/09/fuzzing-of-modrewrite-protected-site.html?showComment=1284996551492#c3759944444184118630

0x32353031 said...

determining the script name is pretty easy.
just a lil trick to use:

H=ha.ckers.org; echo -ne "POST /blog/category/webappsec/books/ HTTP/1.1\nHost: $H\nConnection: close\nContent-length: x\n\n" | nc $H 80 | less

note the content-length field's value... its invalid :P

This will produce a simple HTTP/1.1 413 Request Entity Too Large, with a common 413 error message/html followed by the site's code.

take a closer look...

HTTP/1.1 413 Request Entity Too Large
Date: Mon, 20 Sep 2010 14:56:41 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1

!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"
html head
title 413 Request Entity Too Large /title
head body
h1 Request Entity Too Large /h1
The requested resource br / /blog/index.php br /

...etc html blah blah

rewite revealed, its pointin to /blog/index.php
apache bug/"feature", works most of the time.
thats all :)

-CJ

Super nice hack.

//alak

Comments

Post a Comment

Popular posts from this blog

SAP: Segregate Different SMTP Mail Server Based on Sender Domain

-
Image
  Requirement : An SAP server, with a single Productive client shared by multiple company codes. Each CoCode would have their own domain (FQDN), and any email send out, for example PO to vendors, are to be sent using each individual CoCode SMTP mail server. Solution Steps: 1. Configure multiple SMTP nodes in Tx SCOT, limiting each node with a Sender Group 2. Set different Sender Group (CDG) parameters for each user of each CoCode (Tx SU01 > Parameters) 3. Test using SCOT's Routing Test feature 4. Profit Detail Step: Logon to SAP system and configure multiple SMTP Node, can use  Continue with SCOT Wizard. Once you get multiple Nodes (as per below screenshot), double click any of them,  In this example, we double click on the "SECOND" node. And then click on "Set" button for the address type you want to configure (that would most probably be for INT type) And click the Pencil icon for setting the Sender Group Here we can set based on FQDN or any string. We are ...
Read more

SAP Client Copy Error: Errors occurred during export of container object FINB-TR-DERIVATION

-
 Reference from: https://www.consultoria-sap.com/2010/03/client-copy-derivation-rule-tables-are.html TL;DR - Execute report ABADRCHECK with selected 'DELSTEPS' //alak ==== Client copy is completed with status "Post-Processing Required". There is an error in log for object FINB-TR-DERIVATION: DA300 "No active nametab exists for *some db table*" Name of db table is usually with naming convention: xxyyyysssmmmnnnn (xx - application class, yyyy - strategy ID, sss - system indicator, mmm - client, nnnn - sequence number) These db tables are part of some instance of derivation tool in your system and are used to store Derivation Rule Values. Other terms ABADR, FINB_TR_CC_EXIT, FINB_TR_CC_EXIT_TARGET, DA 300, DA300, CC, SCC9, SCCL, SCC3 Reason and Prerequisites During processing CC there was huge workload into your system. CC processcreates new tables to store copied derivation rules. This is done in parallel asynchronous process. But due to workload into system, t...
Read more

Quick Dirty Script for Checking Oracle Data Gurad Gap and Emailing it

-
 Situation: primary DB: prd_CCC standby DB: prd_WWW file 1: gap-check.bat @echo off cls echo. echo. echo This script checks for Archive Logs at prd_ccc and Applied Logs at prd_www echo. echo Querying prd_ccc (Primary) echo select max(sequence#) "Primary" from v$archived_log where archived='YES';|sqlplus -s / as sysdba echo Querying prd_www (Standby) echo select max(sequence#) "Standby" from v$archived_log where applied='YES';|sqlplus -s / as sysdba echo. DGMGRL / "show configuration" date /t && time /t && hostname && whoami file 2: emailer.ps1 $Username      = "username" $EmailPassword = "password" $today = Get-Date $Username = $Username $EmailTo = "adam@jasabyte.com"  $EmailFrom = "server@jasabyte.com" $Body = Get-Content .\status.log -Raw $Subject = "PRIMARY/STANDBY DB GAP - $today" $SMTPServer = "mail.smtp2go.com"  $SMTPMessage = New-Object System.Net.Mai...
Read more