Bugtraq mailing list archives
Re: Leveraging search engines against FrontPage enabled websites
From: mrjekkyl () ERROR404 ORG (MrJeKKyL)
Date: Sun, 26 Apr 1998 16:45:00 -0700
After rather quickly discovering more than a dozen websites within less
than half an hour using the _vti_inf.html method. I decided to see if the
Microsoft Management Console (MMC) would provide the same results as did
the FP Explorer. I was able to connect and view what particular services
were being used by the MMC for a few of the websites. Thankfully, I did
recieve "Access Denied" warnings and "Network name not found" when trying
to view the properties for those services.
I'm curious if anyone else has taken this apporach. Or tried different
methods using the same tools. As it could lead to a serious problem. There
are huge holes waiting to happen to people if a remote MMC can be used on a
misconfigured FP enabled webserver.
Note: I have attempted to contact those webmasters whos sites proved
vulnerable.
--
PGP Key available on request.
PGP Fingerprint: E5D6 41C7 50D9 4F29 0475 4829 8806 096A 6A97 1907
" Whether the chicken crossed the road or the road moved beneath the
chicken depends on your frame of reference."
Current thread:
- Re: Leveraging search engines against FrontPage enabled websites MrJeKKyL (Apr 26)
- Re: Leveraging search engines against FrontPage enabled websites David LeBlanc (Apr 28)
- Re: Leveraging search engines against FrontPage enabled websites Michael Nelson (Apr 28)
- [Debian 2.0] /usr/bin/suidexec gives root access Thomas Roessler (Apr 28)
- Re: [Debian 2.0] /usr/bin/suidexec gives root access Russell Coker - mailing lists account (Apr 28)
- Re: [Debian 2.0] /usr/bin/suidexec gives root access Joey Hess (Apr 28)
- Re: [Debian 2.0] /usr/bin/suidexec gives root access Russell Coker - mailing lists account (Apr 28)
- Re: Leveraging search engines against FrontPage enabled websites David LeBlanc (Apr 28)