Vulnerability Development mailing list archives
Re: MS Frontpage shtml.dll Path Leak Vulnerability
From: marc () EEYE COM (Marc)
Date: Tue, 14 Mar 2000 09:13:57 -0800
Write an ISAPI filter that filters out the request or reroutes the user...
that should work.

Signed,
Marc
eEye Digital Security
http://www.eEye.com

"It is the years that blind you. Searching so hard for success you lose
grasp on the basic wonders of being alive." -chameleon

| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Greg
| Sent: Sunday, March 12, 2000 9:51 PM
| To: VULN-DEV () SECURITYFOCUS COM
| Subject: MS Frontpage shtml.dll Path Leak Vulnerability
|
|
| Hi All
|
| This is my first time I have written to this forum so
| please excuse any annoying 'newbie' style message habits.
|
| I currently run NT4 Server with IIS4. I have discovered a
| hole where the actual path is produced on the web page if
| someone does the following provided the server running is
| NT4/IIS and have the FrontPage extensions installed:
|
| http://www.anydomainname.com/_vti_bin/shtml.dll/any_nonexistent_web_page.htm
|
| Does anyone know of a fix available or a work around?
|
| I thank anyone who can help me out with this.
|
| Cheers ;-)
|
| - Greg
|
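The matching step of the filter suggested in the reply above, as an added example (not code from the post, from Marc or from eEye). The helper names and the policy are assumptions: any request that carries extra path information after shtml.dll, at the web root or under a sub-path, is refused, and the URL is normalised first so that case changes, %XX encoding, backslashes and doubled slashes do not slip past the comparison.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)   /* value of hex digit c, or -1 */
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Normalise the path the way the match needs it: stop at '?', decode %XX once,
 * fold case, turn '\' into '/', collapse runs of '/'. Returns -1 if the
 * result does not fit in out or contains a decoded NUL. */
static int normalise_path(const char *url, char *out, size_t outlen)
{
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)url; *p && *p != '?'; p++) {
        int c = *p;
        if (c == '%' && hexval(p[1]) >= 0 && hexval(p[2]) >= 0) {
            c = hexval(p[1]) * 16 + hexval(p[2]);
            p += 2;
        }
        if (c == 0) return -1;
        if (c == '\\') c = '/';
        if (c == '/' && n > 0 && out[n - 1] == '/') continue;
        if (n + 1 >= outlen) return -1;
        out[n++] = (char)tolower(c);
    }
    out[n] = '\0';
    return 0;
}

/* 1 = reject or reroute, 0 = pass through. Hypothetical helper: an ISAPI filter
 * would call it on the request URL while handling SF_NOTIFY_PREPROC_HEADERS. */
int should_block(const char *url)
{
    static const char needle[] = "/_vti_bin/shtml.dll/";
    char path[1024];
    if (normalise_path(url, path, sizeof path) != 0)
        return 1; /* fail closed on anything that cannot be normalised */
    const char *hit = strstr(path, needle);
    return hit != NULL && hit[sizeof needle - 1] != '\0';
}

int main(void)
{   /* constructed sample request, modelled on the URL in the post */
    printf("%d\n", should_block("/_VTI_BIN/shtml%2Edll/any_nonexistent_web_page.htm"));
    return 0;
}
```

A site that depends on URLs of this shape would need to allow its known pages before applying the rule.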