|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
suresync
gmail.com
Date: Sun Apr 29 2007 - 13:12:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
about.r OS and Progress version disclosure.
Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server.
First you have to find the messenger execution url. For example:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1
http://yourmachine.com/scripts/wsisa.dll/WService=wsbroker1
just add the following to the url:
/webutil/about.r
your url will look like this:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1/webutil/about.r
Then you get a response displaying the OS version and the Progress version. This is usefull info for potential hackers.
This workes for all Progress releases.
http://www.ishare.nl
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]