Bugtraq mailing list archives
Re: WebServer Pro All Version Vulnerability
From: Fab Siciliano <fsiciliano () EARTHLINK NET>
Date: Tue, 20 Mar 2001 13:44:25 -0500
Actually, you can request ANY file that doesn't exist....and recieve the same error.....just for the sake of tryin', i typed in: http://vulnerable.server.com/html.html and got the path to the file, I guess it's your typical Path Disclosure vulnerability. Not sure about a patch on this one. ----- Original Message ----- From: Roberto Moreno <mroberto98 () YAHOO COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Friday, March 16, 2001 5:44 PM Subject: WebServer Pro All Version Vulnerability
WebServer Pro All Version Vulnerability Wildman wildman () hackcanada com mroberto98 () yahoo com __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
---------------------------------------------------------------------------- ----
-- WebSite Pro 2.5.4/all versions Vulnerability -- March 15, 2001 Website Pro, all versions, reveals the web directory with a simple character similar to the past vulnerability but all have been fixed except this one. Example: www.target.com/:/ <-this will reveal the exact location 403 Forbidden File for URL /:/ (E:\webdir\:) cannot be accessed: The filename, directory name, or volume label syntax is incorrect. (code=123) No fix yet. ~~~~~~~~~~~~~~~~~~~~ Wildman www.hackcanada.com wildman () hackcanada com
Current thread:
- WebServer Pro All Version Vulnerability Roberto Moreno (Mar 19)
- Re: WebServer Pro All Version Vulnerability Fab Siciliano (Mar 21)
- <Possible follow-ups>
- Re: WebServer Pro All Version Vulnerability Eric D. Williams (Mar 23)