Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-01

Bugtraq Archives: Re: WebSitePro/2.3.18 is revealing Webdirect

Re: WebSitePro/2.3.18 is revealing Webdirectories

Subject: Re: WebSitePro/2.3.18 is revealing Webdirectories
From: Chris (tsxNETSCAPE.NET)
Date: Thu Jan 13 2000 - 16:35:01 CST

Next message: Ryan Russell: "Re: Anyone can take over virtually any domain on the net..."
Previous message: Xander Teunissen: "Fwd: Crash identified in Notes, Domino, and MTA with Date Conversio ns"
Maybe in reply to: Lark Lizerman: "WebSitePro/2.3.18 is revealing Webdirectories"
Next in thread: Lark Lizerman: "Re: WebSitePro/2.3.18 is revealing Webdirectories"
Maybe reply: Chris: "Re: WebSitePro/2.3.18 is revealing Webdirectories"
Reply: Lark Lizerman: "Re: WebSitePro/2.3.18 is revealing Webdirectories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 19:35 12.01.2000 -0800, Lark Lizerman wrote:

>WebSite Pro is also revealing the webdirectory of each Website by a simple
command line.
>This bug is similar to the "IIS revealing webdirectories" bug reported on
>bugtraq.
>On WebSitePro the diference ist the way you retrieve the path.

Every version of website (1.x, 2.x) I've ever seen behaves like this in
standard configuration. However you can avoid the revealing of webdirectories
by installing either one of two freely available WSAPI extensions which then
send out custom 404, 403 and 401 messages.

For more information see

http://software.oreilly.com/techsupport/kb/
website_kb_article_display_frame.cfm?ID_KBArticle=102
(url is wrapped!)

btw: there is a similar tool for coldfusion called infusion but I can't find
the URL right now.

Hope this helps,
Christoph Schneeberger
cschnee \at\ telemedia.ch

____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.

Next message: Ryan Russell: "Re: Anyone can take over virtually any domain on the net..."
Previous message: Xander Teunissen: "Fwd: Crash identified in Notes, Domino, and MTA with Date Conversio ns"
Maybe in reply to: Lark Lizerman: "WebSitePro/2.3.18 is revealing Webdirectories"
Next in thread: Lark Lizerman: "Re: WebSitePro/2.3.18 is revealing Webdirectories"
Maybe reply: Chris: "Re: WebSitePro/2.3.18 is revealing Webdirectories"
Reply: Lark Lizerman: "Re: WebSitePro/2.3.18 is revealing Webdirectories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Fri Jan 14 2000 - 22:17:30 CST