thx for your feedback. But not all of your comments are right. First I wrote this in the advisory:
[qoute] The vendor has reportedly been notified. But the vendor told us that is an old bug. We don't think so. [/ qoute]
Alright perhaps next time it will be better to mention the url of the old bug. And of course it is an "another form of the old bug" but did you really read the old advisory? For example the recommended solution?
[quote] * taken from http://securityfocus.com/archive/1/318775 *
.....:[ Vendor Status :
14/04/03 Initial Contact Made 15/04/03 Vendor Responded 15/04/03 Vendor Released Updated Version
.....:[ Solution :
Remove old iWeb application and download and install the updated version which can be found at:
http://ashleybrown.co.uk/downloads/iws2.exe [/qoute]
And this is the point. We tested the "safe" iWeb Server2 and still found this bug. So we don't think that it is fixed. Because of the reaction of the vendor we deceided to post this here.
And of course thanks for hints to posidron's "work". He "rebuilded" this tool with the help of your hints.
Have a lot of fun
Rushjo
