These vulnerabilities were found / tested on:

WebCollection Plus (TM)
Copyright 2001 Follett Software Company
Version 5.00
Revision 12-01-A
Dec 19 2001

The program tries to protect against reading other, non-webserver-accessible files by checking for a : or excessive .'s in a string. If the URL has a / at the beginning, it has the effect of reading from C:\. For example, to read C:\bootlog.txt, the URL to use is something like:

http://vulnerableserver/wx/s.dll?d=/bootlog.txt

Found the latest version revision is 5.05, but could not find a 5.05 copy to test on.

Manufacturer of program was contacted by phone, and the vulnerability was reported to them. Follett Software has not replied concerning not being submitted to Bugtraq, so I have to assume they do not care.

f0urtyfive
www.ceteranet.com
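
Added example, not part of the original advisory and not Follett's code: a Python model of the character filter described above, next to a check that canonicalizes the requested path before testing that it stays inside the served directory. DOC_ROOT, the function names, the join against a document root, and reading "excessive .'s" as ".." are assumptions; ntpath is used so Windows path rules apply on any OS.

```python
import ntpath  # Windows path semantics, importable on any platform

# Assumed document root; the advisory does not say where s.dll serves from.
DOC_ROOT = "C:\\webcollection\\docs"


def weak_filter_allows(d: str) -> bool:
    """Model of the described check: reject ':' or a run of dots.

    Assumption: "excessive .'s" is modelled as the substring "..".
    """
    return ":" not in d and ".." not in d


def resolve(d: str) -> str:
    """Path a Windows-style join produces for the d= value under DOC_ROOT.

    A value starting with / or \\ is drive-relative, so the join discards
    the directory part of DOC_ROOT and keeps only its drive letter.
    """
    return ntpath.normpath(ntpath.join(DOC_ROOT, d))


def hardened_allows(d: str) -> bool:
    """Canonicalize first, then require the result to sit under DOC_ROOT."""
    if "\x00" in d:
        return False
    root = ntpath.normcase(ntpath.normpath(DOC_ROOT))
    target = ntpath.normcase(resolve(d))
    try:
        inside = ntpath.commonpath([root, target]) == root
    except ValueError:
        # Raised for another drive or a UNC share: never inside DOC_ROOT.
        return False
    return inside and target != root


if __name__ == "__main__":
    # Constructed sample values; "/bootlog.txt" is the one from the advisory.
    samples = ["catalog/index.htm", "/bootlog.txt", "..\\..\\bootlog.txt", "D:/x"]
    for d in samples:
        print(f"{d!r:24} weak={weak_filter_allows(d)!s:5} "
              f"hardened={hardened_allows(d)!s:5} -> {resolve(d)}")
```

The containment test is made on the canonical path rather than on the raw characters, so the leading-slash form, dot-dot forms, other drives and UNC paths are all rejected by the same comparison.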