Subject: Doubledot bug in FrontPage FrontPage Personal Web Server.
From: Jan van de Rijt (rijt WISH.NET)
Date: Tue Feb 15 2000 - 17:15:51 CST
Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
Compromise: Accessing drive through browser.
Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
Details:
When FrontPage-PWS runs a site on your c:\ drive, your drive could be accessed by any user accessing your page, simply by requesting any file in any directory except the files in the FrontPage dir., especially /_vti_pvt/.
How to exploit this bug?
Simply adding /..../ in the URL address bar.
http://www.target.com/..../ so by requesting http://www.target.com/..../Windows/Admin.pwl the webserver lets us download the .pwl file from the target.
Files and dirs. with the hidden attribute set are vulnerable.
Solution:
The best solution is installing FrontPage on a drive that doesn't contain Private information.
Greetings,
Jan van de Rijt aka The Warlock.
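
Added example, not part of the original post: a log check that flags request paths containing a segment made only of dots, such as the /..../ segment described above, which a filter comparing segments to exactly ".." would miss. It goes slightly beyond the post by also decoding percent-encoded dots; the log format (Common Log Format), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def is_dot_traversal(path: str) -> bool:
    """Return True if any path segment consists only of two or more dots."""
    # Drop the query string, then decode %2e-style escapes once.
    decoded = unquote(path.split("?", 1)[0])
    # Split on both separators, since the server in question runs on Windows.
    segments = re.split(r"[/\\]", decoded)
    return any(len(seg) >= 2 and set(seg) == {"."} for seg in segments)


def flag_requests(log_lines):
    """Return the request paths from log_lines that contain a dots-only segment."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_dot_traversal(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2000:17:20:01 -0600] "GET /index.htm HTTP/1.0" 200 1043',
    '192.0.2.44 - - [15/Feb/2000:17:21:13 -0600] "GET /..../Windows/Admin.pwl HTTP/1.0" 200 688',
    '192.0.2.44 - - [15/Feb/2000:17:21:40 -0600] "GET /%2e%2e%2e%2e/Windows/ HTTP/1.0" 200 2210',
    '192.0.2.10 - - [15/Feb/2000:17:22:05 -0600] "GET /docs/v1.2..3/readme.txt HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for path in flag_requests(SAMPLE_LOG):
        print("suspicious request:", path)
```

A file name that merely contains dots (the last sample line) is not flagged, because the check is applied per path segment rather than as a substring match.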