Bugtraq mailing list archives
Re: WebSitePro/2.3.18 is revealing Webdirectories
From: tsx () NETSCAPE NET (Chris)
Date: Thu, 13 Jan 2000 23:35:01 MET
At 19:35 12.01.2000 -0800, Lark Lizerman wrote:
WebSite Pro is also revealing the webdirectory of each Website by a simple
command line.
This bug is similar to the "IIS revealing webdirectories" bug reported on bugtraq. On WebSitePro the diference ist the way you retrieve the path.
Every version of website (1.x, 2.x) I've ever seen behaves like this in standard configuration. However you can avoid the revealing of webdirectories by installing either one of two freely available WSAPI extensions which then send out custom 404, 403 and 401 messages. For more information see http://software.oreilly.com/techsupport/kb/ website_kb_article_display_frame.cfm?ID_KBArticle=102 (url is wrapped!) btw: there is a similar tool for coldfusion called infusion but I can't find the URL right now. Hope this helps, Christoph Schneeberger cschnee \at\ telemedia.ch ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Current thread:
- Re: WebSitePro/2.3.18 is revealing Webdirectories Chris (Jan 13)
- Re: WebSitePro/2.3.18 is revealing Webdirectories Lark Lizerman (Jan 13)