Description: Doubledot bug in FrontPage FrontPage
Personal Web Server.
Compromise: Accessing drive trough browser. Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested. Details: When FrontPage-PWS runs a site on your c:\ drive your drive could be accessed by any user accessing your page, simply by requesting any file in any directory except the files in the FrontPage dir. specially /_vti_pvt/. How to exploit this bug?
Simply adding /..../ in the URL addressbar. http://www.target.com/..../<any_dir>/<any_file>
so by requesting http://www.target.com/..../Windows/Admin.pwl the
webserver let us download the .pwl file from the target.
Files and dirs. with the hidden attribute set are
vulnerable.
Solution:
The best solution is installing FrontPage on a drive that doesn't contain Private information. Greetings,
Jan van de Rijt aka The
Warlock.
|
- Re: Doubledot bug in FrontPage FrontPag... Jan van de Rijt
- Re: Doubledot bug in FrontPage Fro... KOJIMA Hajime
- Re: Doubledot bug in FrontPage Fro... GALES,SIMON (Non-A-ColSprings,ex1)
- Re: Doubledot bug in FrontPage... Jeff Dafoe
- Re: Doubledot bug in FrontPage... Alexander Kiwerski