Title: WebSite Pro 2.3.7 Vulnerability
Released by: Crono
Date: 24th August 2000
-- WebSite Pro 2.3.7 Vulnerability --

WebSite Pro is a Web Server for Win95/98/NT platforms.

The vulnerability (or bad server administration) allows any user
to create arbitrary files with arbitrary text on the victim machine,

the Internet Web Browser.

In a default installation, any user can create or upload files to the
victim machine running a vulnerable version of WebSite Pro. The problem
is bad "access protection" on the main directories of the machine.

In a default installation, WebServer Pro creates in its root directory

the following directories, readable (by default) by any user:





The problem is in the application called "uploader.exe" located in

directory. In other versions of WebSite Pro this directory cannot be
read by any user, but in this version, WebServer fails when it checks the
root directories and the proper web-html directories.

For example, if we install WebServer Pro in c:\website, WebServer

with various information and applications inside.

We must choose a directory for our own web page (by default
c:\website\htdocs), but in this example we will put our root
web directory in c:\mywebs\libros, so we have our index.html in
c:\mywebs\libros\index.html. Only the web page files reside in this
directory, not cgi-win or any other cgi directory...

Well, if we connect to the web server using a normal Internet Explorer,

we try to read a file that does not exist in the directory, we find this
error message:


GET www.victim.com/foo

404 Not Found

The requested URL was not found on this server:




As we can see, WebServer revealed the real path of the web server.
(Vulnerability published several months ago)

But if we try to access the cgi-win directory, the WebServer
automatically and "magically" redirects us to the real cgi-win
directory, located in




GET www.victim.com/cgi-win

404 Not Found

The requested URL was not found on this server:




As we can see, the WebServer tells us that this directory doesn't

but if we try to execute the default application "uploader.exe" located
in the real cgi-win directory...


GET www.victim.com/cgi-win/uploader.exe

Whoops! We enter a CGI web page that allows us to upload any file from
our machine to the remote machine.

This error in readable directories is the same for cgi-shl and cgi-src.

In other versions, if you define your root directories as

you can't upload to parent directories and can't change to the real
cgi-win directory.


Change the permissions of cgi-win and the other cgi
directories, or delete uploader.exe.
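
A detection sketch for the behaviour described above, added here as an example and not part of the original advisory: it scans access-log lines for requests into cgi-win, cgi-shl and cgi-src and separates harmless 404 probes of the bare directory from requests where uploader.exe actually answered. It assumes the server writes NCSA Common Log Format; the severity labels and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumed log format: NCSA Common Log Format.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$')
CGI_DIRS = ("cgi-win", "cgi-shl", "cgi-src")  # directories the advisory names
ORDER = {"upload": 0, "exposed": 1, "cgi-served": 2, "probe": 3}


def classify(line):
    """Return (severity, host, method, path) for a CGI-directory hit, else None."""
    m = CLF.match(line.strip())
    if not m:
        return None
    # Drop the query string, decode %xx escapes, normalise slashes and case
    # (Windows paths are case-insensitive) so /CGI-WIN/Uploader%2Eexe matches.
    raw = m["path"].split("?", 1)[0]
    path = unquote(raw).replace("\\", "/").lower()
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] not in CGI_DIRS:
        return None
    answered = m["status"][0] in "23"
    if parts[-1] == "uploader.exe" and answered:
        # Form served (GET) or a file actually submitted (POST).
        severity = "upload" if m["method"] == "POST" else "exposed"
    elif len(parts) > 1 and answered:
        severity = "cgi-served"  # another program in a CGI directory answered
    else:
        severity = "probe"       # e.g. the bare directory returning 404
    return severity, m["host"], m["method"], path


def scan(lines):
    """Classify every line; return findings, most serious first."""
    hits = [h for h in map(classify, lines) if h]
    return sorted(hits, key=lambda h: ORDER[h[0]])


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [24/Aug/2000:10:01:02 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [24/Aug/2000:10:01:09 +0200] "GET /cgi-win HTTP/1.0" 404 210',
    '192.0.2.10 - - [24/Aug/2000:10:01:15 +0200] "GET /CGI-WIN/Uploader%2Eexe HTTP/1.0" 200 1876',
    '192.0.2.10 - - [24/Aug/2000:10:02:40 +0200] "POST /cgi-win/uploader.exe HTTP/1.0" 200 312',
    '198.51.100.7 - - [24/Aug/2000:11:15:00 +0200] "GET /cgi-shl/ HTTP/1.0" 404 210',
]
for hit in scan(SAMPLE): print(*hit)
```

An "exposed" or "upload" finding on a site whose web root contains no CGI directory means the permissions change or the removal of uploader.exe has not taken effect.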

I found this bug in WebServer Pro 2.3.7 version, I don't know if earlier
versions are vulnerable too, but in the 2.3.3 version, this bug doesn't


Sorry for my English...


Bug found by Crono (Hispano Scene) crono@thepentagon.com

I take this opportunity to greet the folks of #phreak, #hacker_novatos,
#hacking, and #hpcv.

24-8-2000 (Spain)

