Re: FrontPage Personal Web Server

[kerb () FNUSA COM (Kerb)]

Tom,
        I really don't have access to a copy of FP2000.  If someone does, and would
like to test the exploit, I'd appreciate any feedback possible.  I would
suspect that the overflow still exists, being that most/all MS products are of
little worth.  One thing that would really help in the server would be to block
access from all IP's except 127.0.0.1.

-Kerb

On Tuesday, August 24, 1999 2:44 PM, Thomas Hsieh [SMTP:tyh () corp earthlink net]
wrote:
: Have you tested this exploint on FP2000?
:
:
: -Tom
:
: On Mon, 23 Aug 1999, Kerb wrote:
:
: > Date: Mon, 23 Aug 1999 03:28:39 -0500
: > From: Kerb <kerb () FNUSA COM>
: > To: BUGTRAQ () SECURITYFOCUS COM
: > Subject: FrontPage Personal Web Server
: >
: > I'm sorry if this exploit has already been released, but to the best of my
: > knowledge, it hasn't.  This is a small exploit (written in perl) that takes
: > advantage of the poor URL length handling of FrontPage 98's personal web
: > server
: > that is executed when you open/create a "web".  This exploit will work on
: > most
: > machines with a perl interpreter, I coded it (and tested it, of course) on
: > my
: > Wind0ze 95 machine.  If ya have any questions or comments about this
script,
: >
: > feel free to Email me.
: >
: >
: >
: >
: > -KerberosX  :       kerb [at] linuxfreak [dot] com
: >
: >
: >
: >
: >
: >