Bugtraq mailing list archives
Re: WebSitePro/2.3.18 is revealing Webdirectories
From: webmaster () DOC2000 DE (Lark Lizerman)
Date: Thu, 13 Jan 2000 23:40:55 -0800
In case of an installed extension you have to call "GET /HTTP1.0 \", what bypasses it. My second posting according this describes how to bypass on the new version. This bug should be cared as serious as the IIS bug because on NT platform WebSitePro is _the_ optional Webserver to MS IIS greets Lark Lizerman lizerman () doc2000 de
Every version of website (1.x, 2.x) I've ever seen behaves like this in standard configuration. However you can avoid the revealing of
webdirectories
by installing either one of two freely available WSAPI extensions which
then
send out custom 404, 403 and 401 messages. For more information see http://software.oreilly.com/techsupport/kb/ website_kb_article_display_frame.cfm?ID_KBArticle=102 (url is wrapped!) btw: there is a similar tool for coldfusion called infusion but I can't
find
the URL right now. Hope this helps, Christoph Schneeberger cschnee \at\ telemedia.ch ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at
http://webmail.netscape.com.
Current thread:
- Re: WebSitePro/2.3.18 is revealing Webdirectories Chris (Jan 13)
- Re: WebSitePro/2.3.18 is revealing Webdirectories Lark Lizerman (Jan 13)