Re: WebSitePro/2.3.18 is revealing Webdirectories

[tsx () NETSCAPE NET (Chris)]

At 19:35 12.01.2000 -0800, Lark Lizerman wrote: 
  
> WebSite Pro is also revealing the webdirectory of each Website by a simple
command line.
> This bug is similar to the "IIS revealing webdirectories" bug reported on
> bugtraq.
> On WebSitePro the diference ist the way you retrieve the path.
  
Every version of website (1.x, 2.x) I've ever seen behaves like this in
standard configuration. However you can avoid the revealing of webdirectories
by installing either one of two freely available WSAPI extensions which then
send out custom 404, 403 and 401 messages.

For more information see 

http://software.oreilly.com/techsupport/kb/
website_kb_article_display_frame.cfm?ID_KBArticle=102
(url is wrapped!)

btw: there is a similar tool for coldfusion called infusion but I can't find
the URL right now.

Hope this helps,
Christoph Schneeberger
cschnee \at\ telemedia.ch

____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.