Bugtraq mailing list archives
Re: FrontPage Personal Web Server
From: kerb () FNUSA COM (Kerb)
Date: Wed, 25 Aug 1999 18:10:08 -0500
Tom,

I really don't have access to a copy of FP2000. If someone does, and would like to test the exploit, I'd appreciate any feedback possible. I would suspect that the overflow still exists, being that most/all MS products are of little worth. One thing that would really help in the server would be to block access from all IPs except 127.0.0.1.

-Kerb

On Tuesday, August 24, 1999 2:44 PM, Thomas Hsieh [SMTP:tyh () corp earthlink net] wrote:
: Have you tested this exploit on FP2000?
:
: -Tom
:
: On Mon, 23 Aug 1999, Kerb wrote:
:
: > Date: Mon, 23 Aug 1999 03:28:39 -0500
: > From: Kerb <kerb () FNUSA COM>
: > To: BUGTRAQ () SECURITYFOCUS COM
: > Subject: FrontPage Personal Web Server
: >
: > I'm sorry if this exploit has already been released, but to the best of my
: > knowledge, it hasn't. This is a small exploit (written in perl) that takes
: > advantage of the poor URL length handling of FrontPage 98's personal web
: > server that is executed when you open/create a "web". This exploit will
: > work on most machines with a perl interpreter, I coded it (and tested it,
: > of course) on my Wind0ze 95 machine. If ya have any questions or comments
: > about this script, feel free to Email me.
: >
: > -KerberosX : kerb [at] linuxfreak [dot] com