From owner-freebsd-security Sat Sep 30 18:30:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP id C6CCB37B502
	for ; Sat, 30 Sep 2000 18:30:39 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.0/8.11.0) id e911UZA26533;
	Sun, 1 Oct 2000 05:30:35 +0400 (MSD)
	(envelope-from ache)
Date: Sun, 1 Oct 2000 05:30:35 +0400
From: "Andrey A. Chernov"
To: Igor Roshchin
Cc: security@freebsd.org
Subject: Re: A new problem in apache ?
Message-ID: <20001001053035.A26403@nagual.pp.ru>
References: <200010010102.VAA41966@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200010010102.VAA41966@giganda.komkon.org>; from str@giganda.komkon.org on Sat, Sep 30, 2000 at 09:02:15PM -0400
Organization: Biomechanoid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 09:02:15PM -0400, Igor Roshchin wrote:
> > > Here are some example RewriteRule directives. The first is vulnerable, but the others are not
> > >
> > > RewriteRule /test/(.*) /usr/local/data/test-stuff/$1

Looks like the famous ../../../ trick can be used.

> > > RewriteRule /more-icons/(.*) /icons/$1
> > > RewriteRule /go/(.*) http://www.apacheweek.com/$1

-- 
Andrey A. Chernov
http://ache.pp.ru/
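
Added example, not part of the original message and not Apache's code: a containment check for the first quoted rule, where captured URL text is appended to a filesystem directory. It models the substitution in isolation (not Apache's own request processing); the function names and the sample request paths are constructed for illustration.

```python
import posixpath
import re

# Pattern and filesystem target taken from the first quoted RewriteRule.
PATTERN = re.compile(r"/test/(.*)")
BASE_DIR = "/usr/local/data/test-stuff"


def rewrite(url_path):
    """Model the substitution only: $1 is appended to BASE_DIR verbatim."""
    m = PATTERN.search(url_path)  # RewriteRule patterns are unanchored
    if m is None:
        return None
    return BASE_DIR + "/" + m.group(1)


def contained(path, base=BASE_DIR):
    """True if path is still inside base after lexical normalisation.

    Comparing against base + "/" (not a bare prefix) keeps sibling
    directories such as test-stuff-private from passing the check.
    This is lexical only; symlinks would need os.path.realpath as well.
    """
    norm = posixpath.normpath(path)
    return norm == base or norm.startswith(base + "/")


def check(url_path):
    """Return (verdict, normalised target) for one request path."""
    target = rewrite(url_path)
    if target is None:
        return ("no-match", None)
    norm = posixpath.normpath(target)
    return ("allow" if contained(target) else "reject", norm)


if __name__ == "__main__":
    # Constructed sample request paths.
    for p in ("/test/report.txt",
              "/test/a/../b.txt",
              "/test/../../../../etc/passwd",
              "/test/../test-stuff-private/x",
              "/index.html"):
        print(p, "->", check(p))
```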