Penetration Testing mailing list archives
RE: Frontpage - root directory not password protected
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 10 Oct 2006 14:36:37 -0400
-----Original Message----- Subject: Frontpage - root directory not password protected
"The following directories have FrontPage enabled, but are not password
protected"
I looked at the *.nasl yet was wondering is there a way to test / prove
the findings w/o having MS
FrontPage s/w? Is there a scripted method maybe with nc and or a curl
shell script? Looking at the file (frontpage_passwordless.nasl), there are two HTTP requests that are made to the server. The first one would be easy enough to do in a shell: wget http://[server:port]/[path]/_vti_inf.html |grep FPAuthorScriptUrl If any lines come back, the check was successful and FrontPage extensions are present. The second HTTP request, which checks whether or not there is a password set for that directory, would be a whole lot trickier to do in a shell. If I needed to rewrite the check so that it could be run independently, I'd do it with Perl. Getting a copy of FrontPage is probably the easier thing to do, however. PaulM ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Frontpage - root directory not password protected secmail . lists (Oct 09)
- RE: Frontpage - root directory not password protected Paul Melson (Oct 10)
- <Possible follow-ups>
- Re: Frontpage - root directory not password protected matteo . cantoni (Oct 11)
- Re: Frontpage - root directory not password protected joe haldon (Oct 12)