Bugtraq mailing list archives
WebSitePro/2.3.18 is revealing Webdirectories
From: webmaster () DOC2000 DE (Lark Lizerman)
Date: Wed, 12 Jan 2000 19:35:25 -0800
Dear Bugtraqers,

Description:

WebSite Pro is also revealing the webdirectory of each Website by a simple command line. This bug is similar to the "IIS revealing webdirectories" bug reported on Bugtraq. On WebSitePro the difference is the way you retrieve the path.

Example: (Made with MS Windows Telnet Client)

Logfile:
-----------------------------------------------------------------------start-------------------------------------------------------------------
GET /HTTP1.0\    <------ Our command we send via Telnet on port 80 to the webserver

Response:

Content-length: 186

<HTML><HEAD><TITLE>Document Moved</TITLE></HEAD>
<BODY bgcolor="White"><H2>Docume
nt Moved</H2>
This document has moved <A HREF="http://www.akte.net/HTTP1.0/">here
</A>.<P>
</BODY></HTML>

GET /HTTP1.0/

Content-length: 230

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY bgcolor="White"><H2>404 Not Found</H2>
The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(
D:\WEBROOTS\VHOSTS\aktenet\htdocs\HTTP1.0)</CODE><P>
</BODY></HTML>
-------------------------------------------------------------------end-------------------------------------------------------------------

Here it shows us that the HTML files are in D:\WEBROOTS\VHOSTS\aktenet\htdocs.

It's not a large threat but an attacker might gain information about the server which should stay in Admin's hands. On all Webservers e.g. MS IIS and Apache the response is "error 404".

-------cut------
Elias: I have some html in this mail, try to send it as clear text, as it is, please. Else people with html capable browsers will only get half of the logfile. Thx :-)
------cut------

-------------------------------
Lark Lizerman
lizerman () doc2000 de
-------------------------------
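Added example, not part of the original post: a check an operator can run over their own server's error-page bodies to catch the kind of local path disclosure shown in the 404 response above. The function names are hypothetical, and the sample bodies are constructed from the responses quoted in the post.

```python
import html
import re

# Drive-letter (D:\dir\sub) or UNC (\\host\share\dir) absolute paths.
# The lookbehind keeps "http://..." from matching as a drive letter "p:".
WIN_PATH = re.compile(
    r"(?<![A-Za-z0-9])(?:[A-Za-z]:|\\\\[\w.$-]+)(?:[\\/][\w.$~-]+)+"
)

def leaked_paths(body: str) -> list[str]:
    """Return the distinct absolute Windows paths found in a response body."""
    text = html.unescape(body)  # also catches entity-encoded backslashes (&#92;)
    seen = []
    for match in WIN_PATH.finditer(text):
        if match.group(0) not in seen:
            seen.append(match.group(0))
    return seen

def disclosed_docroot(path: str, request_path: str) -> str:
    """Strip the echoed request path to get the directory the server revealed."""
    suffix = request_path.strip("/").replace("/", "\\")
    norm = path.replace("/", "\\")
    if suffix and norm.lower().endswith("\\" + suffix.lower()):
        return norm[: -len(suffix) - 1]
    return norm

# Constructed sample: the 404 body as quoted in the post.
SAMPLE_404 = (
    '<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n'
    '<BODY bgcolor="White"><H2>404 Not Found</H2>\n'
    'The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>'
    '( D:\\WEBROOTS\\VHOSTS\\aktenet\\htdocs\\HTTP1.0)</CODE><P>\n'
    '</BODY></HTML>'
)
# Constructed sample: the redirect body, which holds a URL but no local path.
SAMPLE_302 = (
    'This document has moved '
    '<A HREF="http://www.akte.net/HTTP1.0/">here</A>.<P>'
)

if __name__ == "__main__":
    for name, body in (("redirect", SAMPLE_302), ("404", SAMPLE_404)):
        for p in leaked_paths(body):
            print(name, "leaks", p, "-> root", disclosed_docroot(p, "/HTTP1.0/"))
```

Run against every custom and default error page a server can emit; any non-empty result means the page template is echoing a filesystem path.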