Home page logo
/

bugtraq logo Bugtraq mailing list archives

Doubledot bug in FrontPage FrontPage Personal Web Server.
From: rijt () WISH NET (Jan van de Rijt)
Date: Wed, 16 Feb 2000 00:15:51 +0100


Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
Compromise: Accessing drive trough browser.
Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
Details:
When FrontPage-PWS runs a site on your c:\ drive your drive could be accessed by any user accessing your page, simply 
by requesting any file in any directory except the files in the FrontPage dir. specially /_vti_pvt/.

How to exploit this bug?
Simply adding /..../ in the URL addressbar.

<A HREF="http://www.target.com/..../<any_dir">http://www.target.com/..../<any_dir</A>>/<any_file>

so by requesting http://www.target.com/..../Windows/Admin.pwl the webserver let us download the .pwl file from the 
target.

Files and dirs. with the hidden attribute set are vulnerable.

Solution:
The best solution is installing FrontPage on a drive that doesn't contain Private information.

Greetings,

Jan van de Rijt aka The Warlock.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]