On Fri, 18 Feb 2000, GALES,SIMON (Non-A-ColSprings,ex1) wrote:
I was able to reporduce this on a PWS installation under Win98
second edition.
Jeff Dafoe
System Administrator
Evolution Communications, Inc.
> Does this only occur on Win9x? Has anyone been able to reproduce this?
> Jan, which OS/SP were you running?
>
> I vaguely remember some discussion (in BugTraq or NTBugTraq maybe?) about
> using "..." and/or "...." from the command prompt, and this is probably tied
> to that problem.
>
> G. Simon Gales
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> -----Original Message-----
> From: Jan van de Rijt [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 15, 2000 6:16 PM
> To: [EMAIL PROTECTED]
> Subject: Doubledot bug in FrontPage FrontPage Personal Web Server.
>
>
> Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
> Compromise: Accessing drive trough browser.
> Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
> Details:
> When FrontPage-PWS runs a site on your c:\ drive your drive could be
> accessed by any user accessing your page, simply by requesting any file in
> any directory except the files in the FrontPage dir. specially /_vti_pvt/.
>
> How to exploit this bug?
> Simply adding /..../ in the URL addressbar.
>
> http://www.target.com/..../ <http://www.target.com/..../<>
> <any_dir>/<any_file>
>
