Bugtraq mailing list archives

WebServer Pro All Version Vulnerability

From: Roberto Moreno <mroberto98 () YAHOO COM>
Date: Fri, 16 Mar 2001 14:44:36 -0800

WebServer Pro All Version Vulnerability

Wildman
wildman () hackcanada com
mroberto98 () yahoo com

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

-- WebSite Pro 2.5.4/all versions Vulnerability -- March 15, 2001

Website Pro, all versions, reveals the web directory with a simple

character similar to the past vulnerability but all have been fixed

except this one.

Example:

www.target.com/:/              <-this will reveal the exact location
                                

403 Forbidden
File for URL /:/ (E:\webdir\:) cannot be accessed:
   The filename, directory name, or volume label syntax is incorrect.

(code=123)

No fix yet.


~~~~~~~~~~~~~~~~~~~~
Wildman
www.hackcanada.com
wildman () hackcanada com

Current thread:

WebServer Pro All Version Vulnerability Roberto Moreno (Mar 19)
- Re: WebServer Pro All Version Vulnerability Fab Siciliano (Mar 21)
- <Possible follow-ups>
- Re: WebServer Pro All Version Vulnerability Eric D. Williams (Mar 23)