mailing list archives
Leveraging search engines against Frontpage enabled servers
From: fdarden () LOCKED COM (frank darden)
Date: Sun, 26 Apr 1998 14:46:32 -0400
Although this isnt really much more than a human bug, I thought I would
share the following information.
After reading some of the above posts, a friend decided to load up
FrontPage Editor, in an effort to seek out vulnerable sites. He did a
search on _vti_inf.html to get a list of some Frontpage servers on the net.
It was effective, and he found site after site that had NO password
whatsoever limiting his ability to edit the servers pages. Actually, I
havent spent much time researching FrontPage, but I can say that most
admins are incapable of setting this up properly.