Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16904
HistoryMay 02, 2007 - 12:00 a.m.

Flaw in about.r OS and Progress version disclosure

2007-05-0200:00:00
vulners.com
27
JSON

about.r OS and Progress version disclosure.

Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server.

First you have to find the messenger execution url. For example:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1
http://yourmachine.com/scripts/wsisa.dll/WService=wsbroker1

just add the following to the url:
/webutil/about.r
your url will look like this:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1/webutil/about.r

Then you get a response displaying the OS version and the Progress version. This is usefull info for potential hackers.

This workes for all Progress releases.

http://www.ishare.nl

JSON