So, I found a vulnerability in a website that has been documented and has a CVE and everything, but I can't find proof-of-exploit code or methods of exploiting or anything anywhere, underground or not. Anyone have tips on finding exploit code?
After I figure out how to exploit this dumb vulnerability, I was planning on programming an automated exploit tool that just requires the URL to automatically exploit it, and I could release it here if you guys want. I've done it with a few other vulnerabilities, but this one is particularly annoying to me.
The exploit in question is CVE-2006-3747.
Thanks guys!
Thread: Vulnerabilities
- 30 Jan. 2013 03:07am #1
- 30 Jan. 2013 04:23pm #2
Doesn't look too special. It's only valid on 3 versions of Apache and under extremely coincidental circumstances that you can't measure without being the owner of the website.
For finding the specific versions, you're probably best Googling the default Apache directory handler with the affected Apache version numbers (1.3.29, 2.0.x, and 2.2.x). Then, since you'll know the version is correct, test to see if they are using mod_rewrite on their website. If they are, try exploiting.
I didn't really look in depth on there as to how to do the exploit, but whatever.
You can also do one of those domain lookups that compares the IP of a website to the IPs of other websites in order to tell you which are hosted on the same server (i.e. use the same version of Apache).