Bugtraq mailing list archives
Doubledot bug in FrontPage FrontPage Personal Web Server.
From: rijt () WISH NET (Jan van de Rijt)
Date: Wed, 16 Feb 2000 00:15:51 +0100
Description: Doubledot bug in FrontPage FrontPage Personal Web Server. Compromise: Accessing drive trough browser. Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested. Details: When FrontPage-PWS runs a site on your c:\ drive your drive could be accessed by any user accessing your page, simply by requesting any file in any directory except the files in the FrontPage dir. specially /_vti_pvt/. How to exploit this bug? Simply adding /..../ in the URL addressbar. <A HREF="http://www.target.com/..../<any_dir">http://www.target.com/..../<any_dir</A>>/<any_file> so by requesting http://www.target.com/..../Windows/Admin.pwl the webserver let us download the .pwl file from the target. Files and dirs. with the hidden attribute set are vulnerable. Solution: The best solution is installing FrontPage on a drive that doesn't contain Private information. Greetings, Jan van de Rijt aka The Warlock.
Current thread:
- Doubledot bug in FrontPage FrontPage Personal Web Server. Jan van de Rijt (Feb 15)
- <Possible follow-ups>
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. GALES,SIMON (Non-A-ColSprings,ex1) (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Jeff Dafoe (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Alexander Kiwerski (Feb 21)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. KOJIMA Hajime (Feb 24)