SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   WebSite Pro Vendors:   O'Reilly
O'Reilly's WebSite Pro Contains A Vulnerability That Reveals the Physical Path of the Web Directory to Remote Users
SecurityTracker Alert ID:  1001121
SecurityTracker URL:  http://securitytracker.com/id/1001121
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Sep 3 2001
Original Entry Date:  Mar 20 2001
Impact:   Disclosure of user information
Exploit Included:  Yes  
Version(s): 2.5.4
Description:   A vulnerability was reported in O'Reilly's WebSite Pro 2.5.4 that reveals the physical location of the web directory.

Note that similar vulnerabilities in the past have been fixed, with the exception of this one. Also note that on March 6, 2001, Tim O'Reilly announced that O'Reilly software will not continue with further development of its products, but that its products will continue to be supported and sold.

The URL: www.[target_host_goes_here].com/:/ will reveal the exact location of the directory:

403 Forbidden
File for URL /:/ (E:\webdir\:) cannot be accessed:
The filename, directory name, or volume label syntax is incorrect.

(code=123)

Impact:   A remote user can determine the physical path of the web directory on the server.
Solution:   No vendor solution was available at the time of this entry.

A user provided the following workaround: Install custom error pages (CEP). When a remote user triggers an error (e.g., 404 Not Found, 403 Forbidden), the web server can redirect to another page instead of using the standard error page that displays the actual web root path.

Vendor URL:  website.oreilly.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (NT), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  WebServer Pro All Version Vulnerability


--0-590145139-984782676=:35573
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

WebServer Pro All Version Vulnerability

Wildman
wildman@hackcanada.com
mroberto98@yahoo.com

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
--0-590145139-984782676=:35573
Content-Type: text/plain; name="website.txt"
Content-Description: website.txt
Content-Disposition: inline; filename="website.txt"

-- WebSite Pro 2.5.4/all versions Vulnerability -- March 15, 2001

Website Pro, all versions, reveals the web directory with a simple

character similar to the past vulnerability but all have been fixed

except this one.

Example:

www.target.com/:/              <-this will reveal the exact location
				

403 Forbidden
File for URL /:/ (E:\webdir\:) cannot be accessed:
   The filename, directory name, or volume label syntax is incorrect.

(code=123)

No fix yet.


~~~~~~~~~~~~~~~~~~~~
Wildman
www.hackcanada.com
wildman@hackcanada.com
--0-590145139-984782676=:35573--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC