Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Some Past Frontpage Exploits
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Mon, 27 Apr 1998 08:17:06 -0400


At 03:55 PM 4/26/98 -0700, chameleon wrote:
4. I saw a post today I believe about someone being able to connect to a
server with frontpage server extensions and being able to alter the page
without any password. The reason you can do this is the NT everyone group.
Its very common that a server with, NT4.0 server, IIS3.0 and frontpage
server extensions installed, you can alter their webpage via frontpage
because the everyone group is on the computer and it drops you right in.
That shouldnt be too hard to understand. Note: Right after installation of
frontpage server extensions on a NT4.0 IIS3.0 box it addes the everyone
group to have access to the server via frontpage explorer etc.

This is from lameness on the part of the admin.  When FP is running on NT,
you have an admin.dll and an author.dll.  The NTFS ACL on these DLLs sets
who can do what.  You typically want to make an authors group, and set
permissions to the DLL for that group.  If you set permissions on the DLL
to give access to everyone, then everyone is an author or an admin - whatever.

If the admin has also left the NTFS permissions on the web site at default,
you can probably use it to insert new content, and cause various bits of
mayhem.

Note that these DLLs aren't always global - there are ways to restrict
certain areas by adding more DLLs and changing their permissions.  See pg
371-372 in the IISRK for details.

Note - I have no idea what the default install permissions are.


David LeBlanc
dleblanc () mindspring com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]