Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Doubledot bug in FrontPage FrontPage Personal Web Server.
From: kjm () RINS RYUKOKU AC JP (KOJIMA Hajime)
Date: Thu, 24 Feb 2000 20:29:09 +0900


In <000801bf780a$9ad4b2e0$0100007f () localhost>,
Jan van de Rijt wrote:
| Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
| Compromise: Accessing drive trough browser.
| Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
| Details:
| When FrontPage-PWS runs a site on your c:\ drive your drive could be =
| accessed by any user accessing your page, simply by requesting any file =
| in any directory except the files in the FrontPage dir. specially =
| /_vti_pvt/.
|
| How to exploit this bug?
| Simply adding /..../ in the URL addressbar.

  It sounds like same as:

<http://www.securityfocus.com/templates/archive.pike?list=1&msg=01bae51a$9ab232b0$0100007f () nordnode>
<http://www.microsoft.com/security/bulletins/ms99-010.asp>

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm () rins ryukoku ac jp, http://www.st.ryukoku.ac.jp/~kjm/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]