----- Original Message ----- From: "Paulo Ribeiro" <prrarat_private> To: <bugtraqat_private>; <vuln-devat_private> Sent: Saturday, December 22, 2001 11:53 PM Subject: WebSitePro format bug + (old) its path. [...BLA BLA BLA...] : Here's what we get: : 1 404 Not Found : 2 : 3 The requested URL was not found on this server: : 4 : 5 /*s?d : 6 : 7 (C:/WebSite/htdocs/*s?d) : : So, we have: : line 5: format bug. : line 7: format bug + its path. I don't think it is a FORMAT BUG anyway. Take a look: <14> unreal:~$ nc www.estacio.br 80 GET a_old_stupid_bug_from_iis.ida HTTP/1.0 HTTP/1.0 404 Not Found Date: Mon, 24 Dec 2001 14:39:26 GMT Server: WebSitePro/2.0.36 Accept-ranges: bytes Content-type: text/html Content-length: 255 <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD> <BODY bgcolor="White"><H2>404 Not Found</H2> The requested URL was not found on this server:<P><CODE>a_old_stupid_bug_from_iis.ida<P>(C:/WebSite/htdocsa_old_stup id_bug_from_iis.ida)</CODE><P> </BODY></HTML> sent 44, rcvd 413 It looks like similar to IIS path revelation. PS: Win2k ISAKMP/IKE DoS at: http://nelson.wwsecurity.net/nb-isakmp.c Sem mais, -- Nelson Brito Independent Security Consultant
This archive was generated by hypermail 2b30 : Thu Dec 27 2001 - 10:30:47 PST