|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)
From: Marc (marc
EEYE.COM)Date: Thu Feb 03 2000 - 19:03:10 CST
- Next message: George: "Re: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Previous message: rain forest puppy: "RFP2K01: "How I hacked PacketStorm" (wwwthreads advisory)"
- Maybe in reply to: Steve: "2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Next in thread: George: "Re: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Maybe reply: Marc: "FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Reply: George: "Re: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
| I posted a webpath "hole" for htimage to Bugtraq (www.securityfocus.com)
| about a month or so ago for those of you who missed it here are some other
| urls/programs that give out the web servers path:
|
| |Group Wise:
| |http://[server]/cgi-bin/GW5/US/GWWEB.EXE?&HTMLVER=~home
| |Could not find file C:\InetPub\wwwroot\cgi-bin\GW5\US\~HOME\xxx.htm
| |
| |FrontPage:
| |http://[server]/cgi-bin/htimage.exe?x=1&y=1
| |
| |Active Perl:
| |http://[server]/scripts/no-such-file.pl
|
| Forget who posted this one:
| Website pro
| telnet and send GET /HTTP1.0 \
|
| The htimage bug is a really old hole but maybe this time around Microsoft
| will finally fix it.
|
| On a side note... if your a web hosting company that offers FrontPage
| Extensions, you do understand that a default install will let any one of
| your clients compromise the server they are hosted on, right?
|
| This link might help:
| http://officeupdate.microsoft.com/frontpage/wpp/serk/scintro.htm
|
| Signed,
| Marc
| eEye Digital Security
| http://www.eEye.com
|
| | From: Windows NTBugtraq Mailing List
| | [mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of Mnemonix
| | Sent: Wednesday, February 02, 2000 4:28 PM
| | To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
| | Subject: 2 MS Frontpage issues Cerberus Information Security Advisory
| | (CISADV000203)
| | Released : 3rd February 2000
| | Name : Frontpage Server Extentions
| | Affected Systems : Microsoft Windows NT 4 running Internet Information
| | Server with Frontpage
| | Issue : Attackers can discover the name of
| the anonyous
| | Internet account and learn physical paths on system
| | Author : David Litchfield (mnemonixglobalnet.co.uk)
| <snip>
|
|
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: George: "Re: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Previous message: rain forest puppy: "RFP2K01: "How I hacked PacketStorm" (wwwthreads advisory)"
- Maybe in reply to: Steve: "2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Next in thread: George: "Re: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Maybe reply: Marc: "FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Reply: George: "Re: FW: 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]