[19708] in bugtraq
WebServer Pro All Version Vulnerability
daemon@ATHENA.MIT.EDU (Roberto Moreno)
Mon Mar 19 17:36:29 2001
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-590145139-984782676=:35573"
Message-ID: <20010316224436.35591.qmail@web9604.mail.yahoo.com>
Date: Fri, 16 Mar 2001 14:44:36 -0800
Reply-To: Roberto Moreno <mroberto98@YAHOO.COM>
From: Roberto Moreno <mroberto98@YAHOO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
--0-590145139-984782676=:35573
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
WebServer Pro All Version Vulnerability
Wildman
wildman@hackcanada.com
mroberto98@yahoo.com
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
--0-590145139-984782676=:35573
Content-Type: text/plain; name="website.txt"
Content-Description: website.txt
Content-Disposition: inline; filename="website.txt"
-- WebSite Pro 2.5.4/all versions Vulnerability -- March 15, 2001
Website Pro, all versions, reveals the web directory with a simple
character similar to the past vulnerability but all have been fixed
except this one.
Example:
www.target.com/:/ <-this will reveal the exact location
403 Forbidden
File for URL /:/ (E:\webdir\:) cannot be accessed:
The filename, directory name, or volume label syntax is incorrect.
(code=123)
No fix yet.
~~~~~~~~~~~~~~~~~~~~
Wildman
www.hackcanada.com
wildman@hackcanada.com
--0-590145139-984782676=:35573--
