Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) [ECHO_ADV_81$2007] wordpress plugins wordTube <= 1.43 (wpPATH) Remote File Inclusion Vulnerability [ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (inc_dir) Remote File Inclusion Vulnerability Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability Wordpress plugin myflash <= V1.00 (wppath) RFI Vulnerability From:suresync_(at)_gmail.com <suresync_(at)_gmail.com> Date:02.05.2007Subject:Flaw in about.r OS and Progress version disclosureabout.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1 http://yourmachine.com/scripts/wsisa.dll/WService=wsbroker1 just add the following to the url: /webutil/about.r your url will look like this: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1/webutil/about.r Then you get a response displaying the OS version and the Progress version. This is usefull info for potential hackers. This workes for all Progress releases. http://www.ishare.nl
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
[ECHO_ADV_81$2007] wordpress plugins wordTube <= 1.43 (wpPATH) Remote File Inclusion Vulnerability
[ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (inc_dir) Remote File Inclusion Vulnerability
Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability
Wordpress plugin myflash <= V1.00 (wppath) RFI Vulnerability
