Bugtraq mailing list archives
Re: Leveraging search engines against FrontPage enabled websites
From: mrjekkyl () ERROR404 ORG (MrJeKKyL)
Date: Sun, 26 Apr 1998 16:45:00 -0700
After rather quickly discovering more than a dozen websites within less than half an hour using the _vti_inf.html method, I decided to see if the Microsoft Management Console (MMC) would provide the same results as did the FP Explorer. I was able to connect and view what particular services were being used by the MMC for a few of the websites. Thankfully, I did receive "Access Denied" warnings and "Network name not found" when trying to view the properties for those services.

I'm curious if anyone else has taken this approach, or tried different methods using the same tools, as it could lead to a serious problem. There are huge holes waiting to happen to people if a remote MMC can be used on a misconfigured FP enabled webserver.

Note: I have attempted to contact those webmasters whose sites proved vulnerable.

--
PGP Key available on request.
PGP Fingerprint: E5D6 41C7 50D9 4F29 0475 4829 8806 096A 6A97 1907
"Whether the chicken crossed the road or the road moved beneath the chicken depends on your frame of reference."