Actually, you can request ANY file that doesn't exist....and recieve the
same error.....just for the sake of tryin', i typed in:
http://vulnerable.server.com/html.html and got the path to the file, I guess
it's your typical Path Disclosure vulnerability. Not sure about a patch on
this one.
----- Original Message -----
From: Roberto Moreno <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 16, 2001 5:44 PM
Subject: WebServer Pro All Version Vulnerability
> WebServer Pro All Version Vulnerability
>
> Wildman
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
----------------------------------------------------------------------------
----
> -- WebSite Pro 2.5.4/all versions Vulnerability -- March 15, 2001
>
> Website Pro, all versions, reveals the web directory with a simple
>
> character similar to the past vulnerability but all have been fixed
>
> except this one.
>
> Example:
>
> www.target.com/:/ <-this will reveal the exact location
>
>
> 403 Forbidden
> File for URL /:/ (E:\webdir\:) cannot be accessed:
> The filename, directory name, or volume label syntax is incorrect.
>
> (code=123)
>
> No fix yet.
>
>
> ~~~~~~~~~~~~~~~~~~~~
> Wildman
> www.hackcanada.com
> [EMAIL PROTECTED]
