Re: WebSitePro/2.3.18 is revealing Webdirectories

From: Chris (tsxat_private)
Date: Thu Jan 13 2000 - 14:35:01 PST


    At 19:35 12.01.2000 -0800, Lark Lizerman wrote: 
      
    >WebSite Pro is also revealing the webdirectory of each Website by a simple
    >command line.
    >This bug is similar to the "IIS revealing webdirectories" bug reported on
    >bugtraq.
    >On WebSitePro the difference is the way you retrieve the path.
      
    Every version of website (1.x, 2.x) I've ever seen behaves like this in
    standard configuration. However you can avoid the revealing of webdirectories
    by installing either one of two freely available WSAPI extensions which then
    send out custom 404, 403 and 401 messages.
    
    For more information see 
    
    http://software.oreilly.com/techsupport/kb/
    website_kb_article_display_frame.cfm?ID_KBArticle=102
    (url is wrapped!)
    
    btw: there is a similar tool for coldfusion called infusion but I can't find
    the URL right now.
    
    Hope this helps,
    Christoph Schneeberger
    cschnee \at\ telemedia.ch
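
An added example, not part of the original post and not code from WebSite Pro or the WSAPI extensions: a check a server administrator can run over captured 401/403/404 response bodies to confirm that custom error messages no longer disclose local directory paths. The sample responses, path patterns and function names are constructed assumptions for illustration.

```python
import re
from html import unescape

# Error statuses named in the post; their response bodies are what gets inspected.
ERROR_STATUSES = {401, 403, 404}

# Assumed shapes of absolute local paths; tune these for your own hosts.
PATH_PATTERNS = (
    re.compile(r"(?<![A-Za-z0-9])[A-Za-z]:\\(?:[\w.$ -]+\\)*[\w.$-]+"),  # D:\dir\file
    re.compile(r"\\\\[\w.$-]+\\(?:[\w.$ -]+\\)*[\w.$-]+"),               # \\host\share\file
    re.compile(r"(?<![\w/.:])/(?:var|srv|home|usr|opt|etc)/(?:[\w.-]+/)*[\w.-]+"),
)

def leaked_paths(status, body):
    """Return local filesystem paths found in an error response body."""
    if status not in ERROR_STATUSES:
        return []
    # Drop markup, then decode entities so an encoded backslash is still seen.
    text = unescape(re.sub(r"<[^>]+>", " ", body))
    found = []
    for pattern in PATH_PATTERNS:
        for match in pattern.findall(text):
            if match not in found:
                found.append(match)
    return found

def audit(responses):
    """Map each requested URL to the paths its error page disclosed."""
    report = {}
    for url, status, body in responses:
        paths = leaked_paths(status, body)
        if paths:
            report[url] = paths
    return report

# Constructed sample responses (not real server output).
SAMPLE_RESPONSES = [
    ("/nosuchpage.html", 404,
     "<html><body><h1>404 Not Found</h1>"
     r"<p>Cannot open D:\webroot\customer1\nosuchpage.html</p></body></html>"),
    ("/private/", 403,
     "<html><body><h1>403 Forbidden</h1>"
     "<p>Access to /srv/www/site2/private/ is denied.</p></body></html>"),
    ("/gone.html", 404,  # custom message: echoes only the requested URL
     "<html><body><h1>404 Not Found</h1>"
     "<p>The requested URL /gone.html was not found.</p></body></html>"),
]

if __name__ == "__main__":
    for url, paths in audit(SAMPLE_RESPONSES).items():
        print(f"{url}: discloses {', '.join(paths)}")
```
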
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:10 PDT