Google
Current archive: September 23, 2017
Testing Optionsbleed
Written on:September 23, 2017
Introduction I took a few minutes to test the Optionsbleed vuln (CVE-2017-9798), specifically to see whether modifying the length and/or quantity of Options/Methods in the .htaccess file would enable me to extract anything of substance from memory. Ultimately it seems that by modifying the length of the entries in the .htaccess file, I was able to gain access to hundreds of bytes of POST data of a different virtual host. Note: Since originally…
Read more...In category: Exploits, Web Security
Tags:apache , CVE-2017-9798 , exploit , htaccess , Optionsbleed , vulnerability
Tags:apache , CVE-2017-9798 , exploit , htaccess , Optionsbleed , vulnerability
are closed