List: bugtraq
Subject: Flaw in about.r OS and Progress version disclosure
From: suresync () gmail ! com
Date: 2007-04-29 18:12:01
Message-ID: 20070429181201.6468.qmail () securityfocus ! com
about.r OS and Progress version disclosure.
Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote WebSpeed server.
First you have to find the messenger execution url. For example:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1
http://yourmachine.com/scripts/wsisa.dll/WService=wsbroker1
Just add the following to the URL:
/webutil/about.r
Your URL will look like this:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1/webutil/about.r
Then you get a response displaying the OS version and the Progress version. This is useful info for potential hackers.
This works for all Progress releases.
http://www.ishare.nl
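
For administrators checking whether this path has been requested on their own server, the following is an added example and not part of the original post: a log check that flags requests for /webutil/about.r behind any messenger URL. The log lines are constructed samples, and the common log format and the function name find_about_probes are assumptions; it also goes slightly beyond the post by matching mixed-case and percent-encoded forms of the path.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Apr/2007:18:20:11 +0000] "GET /scripts/cgiip.exe/WService=wsbroker1/webutil/about.r HTTP/1.1" 200 812
203.0.113.7 - - [29/Apr/2007:18:20:15 +0000] "GET /scripts/wsisa.dll/WService=wsbroker1/WebUtil/About.R HTTP/1.1" 200 812
198.51.100.4 - - [29/Apr/2007:18:21:02 +0000] "GET /scripts/cgiip.exe/WService=wsbroker1/webutil%2Fabout.r HTTP/1.1" 403 199
192.0.2.10 - - [29/Apr/2007:18:22:40 +0000] "GET /scripts/cgiip.exe/WService=wsbroker1/app/login.html HTTP/1.1" 200 4096
"""

# client IP, request target and status code from one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# <messenger>/WService=<broker>/webutil/about.r, the URL shape shown in the post.
# Case-insensitive so that variants such as WebUtil/About.R are also caught.
PROBE_RE = re.compile(
    r'/(?P<messenger>[^/]+)/WService=(?P<broker>[^/?]+)/webutil/about\.r(?:$|[/?])',
    re.IGNORECASE,
)

def find_about_probes(log_text):
    """Return one dict per request that targeted webutil/about.r."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        # Decode %2F and similar before matching, so encoded paths are seen.
        probe = PROBE_RE.search(unquote(m.group("target")))
        if probe:
            status = int(m.group("status"))
            hits.append({
                "ip": m.group("ip"),
                "messenger": probe.group("messenger").lower(),
                "broker": probe.group("broker"),
                "status": status,
                "served": status == 200,  # server answered the request
            })
    return hits

if __name__ == "__main__":
    for hit in find_about_probes(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to True means the server returned a page for the request; a 403 or 404 means the path was requested but not served.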