Anyone knows the Requisite Web product from Rational? It's like Requisite Pro viewing online (something like that) It appears that it saves the physical location of the project files (.rqs) in HTML option values, like this: <OPTION VALUE="E:\projects\name\teste\Requirements\ReqPro\Reqpro.rqs">Project teste </OPTION> I was doing a pentest of a IIS4/NT4 machine with ReqWeb installed and found this. I guess if you could succesfully apply a remote exploit you could read or download all project files. All of which are confidential. They have enabled access via internet but with apache on a linux machine in front. The fact that they have apache in front breaks the unicode bugs for IIS, but I am not convinced that there may exist another way to attack the machine. I have tried to gain access using some exploits for unicode and RDS but have failed, which is pleasing but I am not really convinced. I have explained them that installing patches is the best solution, but they rather not touch the system and feel secure when apache is running in front. I would like to show them that they are still vulnerable, that apache in front is false security. Anyone have an idea how to help? Regards, Mads Rasmussen Ci&T Systems Ltda. (www.cit.com.br) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 30 2001 - 16:11:39 PDT