OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Leveraging search engines against Frontpage enabled servers

Leveraging search engines against Frontpage enabled servers

frank darden (fdardenLOCKED.COM)
Sun, 26 Apr 1998 14:46:32 -0400

Although this isnt really much more than a human bug, I thought I would
share the following information.

After reading some of the above posts, a friend decided to load up
FrontPage Editor, in an effort to seek out vulnerable sites. He did a
search on _vti_inf.html to get a list of some Frontpage servers on the net.
It was effective, and he found site after site that had NO password
whatsoever limiting his ability to edit the servers pages. Actually, I
havent spent much time researching FrontPage, but I can say that most
admins are incapable of setting this up properly.

Frank

http://www.locked.com