Penetration Testing mailing list archives
Rational Requisite Web shows location of projects in html
From: Mads Rasmussen <mads () cit com br>
Date: Mon, 30 Jul 2001 16:25:53 -0300
Anyone knows the Requisite Web product from Rational? It's like Requisite Pro viewing online (something like that) It appears that it saves the physical location of the project files (.rqs) in HTML option values, like this: <OPTION VALUE="E:\projects\name\teste\Requirements\ReqPro\Reqpro.rqs">Project teste </OPTION> I was doing a pentest of a IIS4/NT4 machine with ReqWeb installed and found this. I guess if you could succesfully apply a remote exploit you could read or download all project files. All of which are confidential. They have enabled access via internet but with apache on a linux machine in front. The fact that they have apache in front breaks the unicode bugs for IIS, but I am not convinced that there may exist another way to attack the machine. I have tried to gain access using some exploits for unicode and RDS but have failed, which is pleasing but I am not really convinced. I have explained them that installing patches is the best solution, but they rather not touch the system and feel secure when apache is running in front. I would like to show them that they are still vulnerable, that apache in front is false security. Anyone have an idea how to help? Regards, Mads Rasmussen Ci&T Systems Ltda. (www.cit.com.br) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Rational Requisite Web shows location of projects in html Mads Rasmussen (Jul 30)
- Message not available
- Re: Rational Requisite Web shows location of projects in html Mads Rasmussen (Jul 31)
- Message not available