Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Frontpage - root directory not password protected

From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 10 Oct 2006 14:36:37 -0400
-----Original Message-----
Subject: Frontpage - root directory not password protected



"The following directories have FrontPage enabled, but are not password

protected"


I looked at the *.nasl yet was wondering is there a way to test / prove

the findings w/o having MS 

FrontPage s/w? Is there a scripted method maybe with  nc and or a curl

shell script?

Looking at the file (frontpage_passwordless.nasl), there are two HTTP
requests that are made to the server.  The first one would be easy enough to
do in a shell:

wget http://[server:port]/[path]/_vti_inf.html |grep FPAuthorScriptUrl

If any lines come back, the check was successful and FrontPage extensions
are present.  The second HTTP request, which checks whether or not there is
a password set for that directory, would be a whole lot trickier to do in a
shell.  If I needed to rewrite the check so that it could be run
independently, I'd do it with Perl.  Getting a copy of FrontPage is probably
the easier thing to do, however.


PaulM


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: