[13349] in bugtraq
Re: WebSitePro/2.3.18 is revealing Webdirectories
daemon@ATHENA.MIT.EDU (Chris)
Fri Jan 14 22:12:44 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20000113223501.17695.qmail@wwcst212.netaddress.usa.net>
Date: Thu, 13 Jan 2000 23:35:01 MET
Reply-To: Chris <tsx@NETSCAPE.NET>
From: Chris <tsx@NETSCAPE.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
At 19:35 12.01.2000 -0800, Lark Lizerman wrote:
>WebSite Pro is also revealing the webdirectory of each Website by a simple
command line.
>This bug is similar to the "IIS revealing webdirectories" bug reported on
>bugtraq.
>On WebSitePro the diference ist the way you retrieve the path.
Every version of website (1.x, 2.x) I've ever seen behaves like this in
standard configuration. However you can avoid the revealing of webdirectories
by installing either one of two freely available WSAPI extensions which then
send out custom 404, 403 and 401 messages.
For more information see
http://software.oreilly.com/techsupport/kb/
website_kb_article_display_frame.cfm?ID_KBArticle=102
(url is wrapped!)
btw: there is a similar tool for coldfusion called infusion but I can't find
the URL right now.
Hope this helps,
Christoph Schneeberger
cschnee \at\ telemedia.ch
____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
