Bugtraq mailing list archives

Re: WebSitePro/2.3.18 is revealing Webdirectories

From: webmaster () DOC2000 DE (Lark Lizerman)
Date: Thu, 13 Jan 2000 23:40:55 -0800


In case of an installed extension you have to call "GET /HTTP1.0 \", what
bypasses it.
My second posting according this describes how to bypass on the new version.
This bug should be cared as serious as the IIS bug because on NT platform
WebSitePro is _the_ optional Webserver to MS IIS

greets

Lark Lizerman
lizerman () doc2000 de

Every version of website (1.x, 2.x) I've ever seen behaves like this in
standard configuration. However you can avoid the revealing of

webdirectories

by installing either one of two freely available WSAPI extensions which

then

send out custom 404, 403 and 401 messages.

For more information see

http://software.oreilly.com/techsupport/kb/
website_kb_article_display_frame.cfm?ID_KBArticle=102
(url is wrapped!)

btw: there is a similar tool for coldfusion called infusion but I can't

find

the URL right now.

Hope this helps,
Christoph Schneeberger
cschnee \at\ telemedia.ch



____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at

http://webmail.netscape.com.

Current thread:

Re: WebSitePro/2.3.18 is revealing Webdirectories Chris (Jan 13)
- Re: WebSitePro/2.3.18 is revealing Webdirectories Lark Lizerman (Jan 13)