Bugtraq mailing list archives
Re: Doubledot bug in FrontPage FrontPage Personal Web Server.
From: kjm () RINS RYUKOKU AC JP (KOJIMA Hajime)
Date: Thu, 24 Feb 2000 20:29:09 +0900
In <000801bf780a$9ad4b2e0$0100007f@localhost>, Jan van de Rijt wrote: | Description: Doubledot bug in FrontPage FrontPage Personal Web Server. | Compromise: Accessing drive trough browser. | Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested. | Details: | When FrontPage-PWS runs a site on your c:\ drive your drive could be = | accessed by any user accessing your page, simply by requesting any file = | in any directory except the files in the FrontPage dir. specially = | /_vti_pvt/. | | How to exploit this bug? | Simply adding /..../ in the URL addressbar. It sounds like same as: <http://www.securityfocus.com/templates/archive.pike?list=1&msg=01bae51a$9ab232b0$0100007f@nordnode> <http://www.microsoft.com/security/bulletins/ms99-010.asp> ---- KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan [Office] kjm () rins ryukoku ac jp, http://www.st.ryukoku.ac.jp/~kjm/
Current thread:
- Doubledot bug in FrontPage FrontPage Personal Web Server. Jan van de Rijt (Feb 15)
- <Possible follow-ups>
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. GALES,SIMON (Non-A-ColSprings,ex1) (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Jeff Dafoe (Feb 18)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. Alexander Kiwerski (Feb 21)
- Re: Doubledot bug in FrontPage FrontPage Personal Web Server. KOJIMA Hajime (Feb 24)