marcEEYE.COM

• Next message: jhw1970HOTMAIL.COM: "NT 4.0 (Workstation) Logon Authentication Vulnerability"
• Previous message: Bud Meister: "Crashing Win9x with smbclient"
• In reply to: Greg: "MS Frontpage shtml.dll Path Leak Vulnerability"
• Reply: Marc: "Re: MS Frontpage shtml.dll Path Leak Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Write an ISAPI filter that filters out the request or reroutes the user...
that should work.

Signed,
Marc
eEye Digital Security
http://www.eEye.com

"It is the years that blind you. Searching so hard for success you lose
grasp on the basic wonders of being alive."
-chameleon

| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEVSECURITYFOCUS.COM]On Behalf Of Greg
| Sent: Sunday, March 12, 2000 9:51 PM
| To: VULN-DEVSECURITYFOCUS.COM
| Subject: MS Frontpage shtml.dll Path Leak Vulnerability
|
|
| Hi All
|
| This is my first time I have written to this forum so
| please excuse any annoying 'newbie' style message habits.
|
| I currently run NT4 Server with IIS4. I have discovered a
| hole where the actual path is produced on the web page if
| someone does the following provided the server running is
| NT4/IIS and have the FrontPage extensions installed:
|
| http://www.anydomainname.com/_vti_bin/shtml.dll/any_nonexist
| ent_web_page.htm
|
| Does anyone know of a fix available or a work around?
|
| I thank anyone who can help me out with this.
|
| Cheers ;-)
|
| - Greg
|

• Next message: jhw1970HOTMAIL.COM: "NT 4.0 (Workstation) Logon Authentication Vulnerability"
• Previous message: Bud Meister: "Crashing Win9x with smbclient"
• In reply to: Greg: "MS Frontpage shtml.dll Path Leak Vulnerability"
• Reply: Marc: "Re: MS Frontpage shtml.dll Path Leak Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]