Penetration Testing mailing list archives
Microsoft FrontPage Extensions Site Defacement
From: Juan B <juanbabi () yahoo com>
Date: Sat, 8 Mar 2008 21:23:14 -0800 (PST)
Hi All, for a client I am doing a pt on his web site. with a volunerability scanner i found frot page extanions enabled. the scanner reports: Security Risk It is possible to upload, modify or delete web pages, scripts and files on the web server Possible Causes Improper permissions/ACLs were set to file/directory Technical Description FrontPage defines three kinds of users for every FrontPage web: administrators, authors and browsers (end-users). All permissions are cumulative; all authors also have browsing permission, and all administrators also have authoring and browsing permissions. In FrontPage, the list of administrators, authors and browsers is defined on a per-web basis. All content in a FrontPage web will be accessible to the same set of users and groups. It is not possible to control permissions on a per-file or per-directory basis with FrontPage. All FrontPage sub-webs either inherit the permissions (list of administrators, authors and browsers) of the FrontPage root web or use their own, unique permissions. Each FrontPage web (including each sub-web) contains copies of three ISAPI DLLs that make up the FrontPage Sever Extensions. These DLLs are created in directories below the top-level directory of a FrontPage web: [1] _vti_bin/_vti_adm/admin.dll for administrative tasks [2] _vti_bin/_vti_aut/author.dll for authoring FrontPage webs [3] _vti_bin/shtml.dll for browse-time FrontPage components such as form handlers. These files must be set with restrictive permissions in order not to allow site defacement, since the files can be used to modify the web content remotely. this is what the scanner send: GET /_vti_bin/_vti_aut/author.exe HTTP/1.0 Cookie: ASP.NET_SessionId=nenizo45ytkot245dfgcaq45 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Host: www.cimmyt.org does someone knows how can I exploit this or where I can find an working exploit? Thanks a lot! Juan ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Microsoft FrontPage Extensions Site Defacement Juan B (Mar 12)