[13326] in bugtraq
WebSitePro/2.3.18 is revealing Webdirectories
daemon@ATHENA.MIT.EDU (Lark Lizerman)
Thu Jan 13 14:15:37 2000
Message-Id: <005e01bf5d77$3c1ba7c0$e75dac98@u1u7p1>
Date: Wed, 12 Jan 2000 19:35:25 -0800
Reply-To: Lark Lizerman <webmaster@DOC2000.DE>
From: Lark Lizerman <webmaster@DOC2000.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Dear Bugtraqers,
Description:
WebSite Pro is also revealing the webdirectory of each Website by a simple command line.
This bug is similar to the "IIS revealing webdirectories" bug reported on bugtraq.
On WebSitePro the difference is the way you retrieve the path.
Example:
(Made with MS Windows Telnet Client)
Logfile:
-----------------------------------------------------------------------start-------------------------------------------------------------------
GET /HTTP1.0\ <------ Our command we send via Telnet on port 80 to the webserver
Response:
Content-length: 186

<HTML><HEAD><TITLE>Document Moved</TITLE></HEAD>
<BODY bgcolor="White"><H2>Docume
nt Moved</H2>
This document has moved <A HREF="http://www.akte.net/HTTP1.0/">here
</A>.<P>
</BODY></HTML>
GET /HTTP1.0/
Content-length: 230

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY bgcolor="White"><H2>404 Not
Found</H2>
The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(
D:\WEBROOTS\VHOSTS\aktenet\htdocs\HTTP1.0)</CODE><P>
</BODY></HTML>
-------------------------------------------------------------------end-------------------------------------------------------------------
Here it shows us that the HTML files are in D:\WEBROOTS\VHOSTS\aktenet\htdocs.
It's not a large threat but an attacker might gain information about the server which should stay
in Admin's hands. On all Webservers e.g. MS IIS and Apache the response is "error 404".
-------cut------
Elias: I have some html in this mail, try to send it as clear text, as it is, please.
Else people with html capable browsers will only get half of the logfile.
Thx :-)
------cut------
-------------------------------
Lark Lizerman
lizerman@doc2000.de
-------------------------------
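
A regression check for the disclosure described in the post, as an added example that is not part of the original message: it scans error-page bodies captured from your own server for Windows filesystem paths and trims the echoed request path, leaving the exposed document root. The function names and the second sample body are assumptions made for illustration.

```python
import html
import re

# Constructed sample: the 404 body quoted in the post, quoted-printable decoded.
SAMPLE_404 = (
    '<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n'
    '<BODY bgcolor="White"><H2>404 Not\nFound</H2>\n'
    'The requested URL was not found on this server:<P><CODE>/HTTP1.0/<P>(\n'
    'D:\\WEBROOTS\\VHOSTS\\aktenet\\htdocs\\HTTP1.0)</CODE><P>\n'
    '</BODY></HTML>\n'
)
# Constructed sample: an error page that echoes only the requested URL.
SAMPLE_CLEAN = ('<HTML><BODY><H2>404 Not Found</H2>'
                'The requested URL /HTTP1.0/ was not found.</BODY></HTML>')

TAG = re.compile(r"<[^>]*>")
# Drive-letter path (D:\dir\file) or UNC path (\\host\share\dir).
WIN_PATH = re.compile(r"(?<![A-Za-z0-9])(?:[A-Za-z]:\\|\\\\[\w.-]+\\)[^\s<>\"'()|?*]+")

def leaked_paths(body, request_path=""):
    """Return local filesystem paths found in an error-page body."""
    text = html.unescape(TAG.sub(" ", body))
    # The tail that only mirrors the requested URL is trimmed, so the result
    # is the directory the server exposed (the document root in the post).
    suffix = request_path.strip("/").replace("/", "\\").lower()
    found = []
    for match in WIN_PATH.finditer(text):
        path = match.group(0).rstrip("\\.,;")
        if suffix and path.lower().endswith("\\" + suffix):
            path = path[: -len(suffix) - 1]
        if path not in found:
            found.append(path)
    return found

def audit(captures):
    """captures: (request_path, status, body) tuples recorded from your own
    server. Returns one (request_path, status, path) tuple per leak."""
    return [(req, status, path)
            for req, status, body in captures
            for path in leaked_paths(body, req)]

if __name__ == "__main__":
    for finding in audit([("/HTTP1.0/", 404, SAMPLE_404),
                          ("/HTTP1.0/", 404, SAMPLE_CLEAN)]):
        print(finding)
```

An empty result from `audit` over a test run's error responses means no error page exposed a local path.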