Rational Requisite Web shows location of projects in html
From: Mads Rasmussen (mads@cit.com.br)
Date: 07/30/01
- Previous message: INA (V. Brahmanandam): "Eexecute privilege to 'public' on tables owned by 'sys' in Orac le"
- Next in thread: Mads Rasmussen: "Re: Rational Requisite Web shows location of projects in html"
- Reply: Mads Rasmussen: "Re: Rational Requisite Web shows location of projects in html"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200107301925.f6UJPSP27331@cit.com.br>
From: Mads Rasmussen <mads@cit.com.br>
To: pen-test@securityfocus.com
Subject: Rational Requisite Web shows location of projects in html
Date: Mon, 30 Jul 2001 16:25:53 -0300
Anyone know the Requisite Web product from Rational?
It's like Requisite Pro viewing online (something like that)
It appears that it saves the physical location of the project files (.rqs) in
HTML option values, like this:
<OPTION VALUE="E:\projects\name\teste\Requirements\ReqPro\Reqpro.rqs">Project teste</OPTION>
I was doing a pentest of an IIS4/NT4 machine with ReqWeb installed and found
this. I guess if you could successfully apply a remote exploit you could read
or download all project files. All of which are confidential.
They have enabled access via internet but with apache on a linux machine in
front.
The fact that they have apache in front breaks the unicode bugs for IIS, but
I am not convinced that there may exist another way to attack the machine.
I have tried to gain access using some exploits for unicode and RDS but have
failed, which is pleasing but I am not really convinced.
I have explained to them that installing patches is the best solution, but they
would rather not touch the system and feel secure when apache is running in front.
I would like to show them that they are still vulnerable, that apache in
front is false security.
Anyone have an idea how to help?
Regards,
Mads Rasmussen
Ci&T Systems Ltda. (www.cit.com.br)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
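A quick way to check a page for the kind of disclosure described in the post above, added here as an example and not part of the original message or of the Rational product: it parses the HTML and reports attribute values that look like server-side file-system paths (Windows drive-letter, UNC, or POSIX absolute paths). The sample page is constructed, modelled on the OPTION element quoted in the post; the form, field names and the hidden config path are invented.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not real ReqWeb output), modelled on the
# OPTION element quoted in the post; the hidden input is invented.
SAMPLE_HTML = """
<html><body>
<form action="/ReqWeb/login.asp" method="post">
<select name="project">
<OPTION VALUE="E:\\projects\\name\\teste\\Requirements\\ReqPro\\Reqpro.rqs">Project teste</OPTION>
<OPTION VALUE="demo">Demo project</OPTION>
<OPTION VALUE="/var/www/data/other.rqs">Other</OPTION>
</select>
<input type="hidden" name="cfg" value="C:\\inetpub\\wwwroot\\reqweb\\config.ini">
</form>
</body></html>
"""

# Absolute path shapes: drive letter (E:\...), UNC (\\server\share), POSIX (/...).
ABS_PATH_RE = re.compile(r'^(?:[A-Za-z]:\\|\\\\|/)[^\s"<>]+')


class PathLeakFinder(HTMLParser):
    """Collects 'value' attributes that look like server-side file-system paths.

    Only 'value' attributes are inspected: href/src/action legitimately hold
    web-root paths starting with '/', so they would mostly be false positives.
    """

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (tag, attribute, value); tags come back lowercased

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "value" and value and ABS_PATH_RE.match(value):
                self.findings.append((tag, name, value))


def find_path_disclosures(html):
    """Return every (tag, attribute, value) whose value is an absolute local path."""
    parser = PathLeakFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for tag, attr, value in find_path_disclosures(SAMPLE_HTML):
        print(f"<{tag} {attr}=...> discloses local path: {value}")
```

Run it against a saved copy of the page rather than the live server; a hit means the application is exposing its deployment layout, which is worth reporting even when no file-read primitive is known.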