Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: front page extansions
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Mon, 28 May 2007 10:10:06 +0530

Hello Juanbabi,
Nessus is one of the best alternative to exploit frontpage extensions.
The other alternative to give a try is Metasploit.

--
Nikhil Wagholikar
Security Analyst


NII Consulting
Web: www.niiconsulting.com
On 27 May 2007 09:11:37 -0000, juanbabi () yahoo com <juanbabi () yahoo com> wrote:
Hi,


in doing a pen test on a web server, the scanner found those urls:

status 403 http://www.domain.com/_vti_bin/

status 200 http://www.domain.com/_vti_inf.html

status 403 http://www.domain.com/inc/

status 301 http://www.domain.com/images/

status 301 http://www.domain.com/faq


FrontPage Configuration Information

   FPVersion="5.0.2.6790"

   FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"

   FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"

   FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"

   TPScriptUrl="_vti_bin/owssvr.dll"





Any idea how I can exploit those url or abuse them?


thanks a lot !


Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]