Bugtraq mailing list archives
Re: Doubledot bug in FrontPage FrontPage Personal Web Server.
From: george_gales () NON HP COM (GALES,SIMON (Non-A-ColSprings,ex1))
Date: Fri, 18 Feb 2000 14:46:47 -0700
I've attempted to reproduce this on:

Windows NT 4.0 Workstation SP5
Windows NT 4.0 Workstation SP3
Windows NT 4.0 Workstation SP1

with no joy. I'm running FP98, which installed PWS 3.0.2.926.

Does this only occur on Win9x? Has anyone been able to reproduce this? Jan, which OS/SP were you running?

I vaguely remember some discussion (in BugTraq or NTBugTraq maybe?) about using "..." and/or "...." from the command prompt, and this is probably tied to that problem.

G. Simon Gales
george_gales () non hp com

-----Original Message-----
From: Jan van de Rijt [mailto:rijt () WISH NET]
Sent: Tuesday, February 15, 2000 6:16 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Doubledot bug in FrontPage FrontPage Personal Web Server.

Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
Compromise: Accessing drive through browser.
Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.

Details:
When FrontPage-PWS runs a site on your c:\ drive your drive could be accessed by any user accessing your page, simply by requesting any file in any directory except the files in the FrontPage dir. specially /_vti_pvt/.

How to exploit this bug?
Simply adding /..../ in the URL addressbar.

http://www.target.com/..../<any_dir>/<any_file>

so by requesting http://www.target.com/..../Windows/Admin.pwl the webserver lets us download the .pwl file from the target.

Files and dirs. with the hidden attribute set are vulnerable.

Solution:
The best solution is installing FrontPage on a drive that doesn't contain Private information.

Greetings,
Jan van de Rijt aka The Warlock.
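An added example, not part of either message and not FrontPage or PWS code: a server-side path filter showing why a check for the literal ".." segment does not cover the "/..../" form reported above, next to a stricter check that refuses any dot-only segment. The function names and sample paths are constructed for illustration, and the stricter check assumes, as the reply suggests, that the underlying platform may resolve runs of more than two dots.

```python
from urllib.parse import unquote

def naive_is_safe(url_path: str) -> bool:
    """Weak filter: refuses only a literal '..' path segment."""
    return ".." not in url_path.split("/")

def strict_is_safe(url_path: str) -> bool:
    """Refuse any segment that is only dots (and trailing spaces), after decoding."""
    decoded = unquote(url_path).replace("\\", "/")  # decode once, unify separators
    # Conservative choice: a NUL byte, or a '%' still present after one decode
    # (a sign of double encoding), is refused outright.
    if "\x00" in decoded or "%" in decoded:
        return False
    for segment in decoded.split("/"):
        # Empty segments come from leading, trailing or doubled slashes.
        if segment and segment.rstrip(". ") == "":
            return False  # ".", "..", "...", "....", ". ." and so on
    return True

# Constructed request paths; the second is the form quoted in the advisory.
SAMPLES = [
    "/index.htm",
    "/..../Windows/Admin.pwl",
    "/%2e%2e%2e%2e/Windows/Admin.pwl",
    "/docs/../private.txt",
    "/a/%252e%252e/b",
]

def audit(paths):
    """Return {path: (naive_verdict, strict_verdict)} for each request path."""
    return {p: (naive_is_safe(p), strict_is_safe(p)) for p in paths}

if __name__ == "__main__":
    for path, (naive, strict) in audit(SAMPLES).items():
        print(f"{path!r:40} naive={naive!s:5} strict={strict}")
```

A filter like this is a first gate only; the server should still canonicalize the resolved file path and confirm it lies under the document root before opening it.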
Current thread:
- Doubledot bug in FrontPage FrontPage Personal Web Server. Jan van de Rijt (Feb 15)
- <Possible follow-ups>
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. GALES,SIMON (Non-A-ColSprings,ex1) (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Jeff Dafoe (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Alexander Kiwerski (Feb 21)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. KOJIMA Hajime (Feb 24)