Security Basics mailing list archives
Re: Frontpage Web, Authoring Access
From: "Paul Kurczaba" <paul () myipis com>
Date: Fri, 16 Jul 2004 15:35:57 -0400
I personally do not use frontpage extensions due to its lack of security.

-Paul

----- Original Message -----
From: "Joey" <joey () our-town com>
To: <security-basics () securityfocus com>
Sent: Thursday, July 15, 2004 12:02 PM
Subject: Frontpage Web, Authoring Access

Just a lurker, but a quick question..

I recently performed a scan of my domain with Nikto, results are below..

+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false - We seem to have authoring access to the FrontPage web. (POST)
+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false - We seem to have authoring access to the FrontPage web. (POST)

It's reporting FrontPage authoring access.. ..this isn't good, obviously. But when I try to open my web in FrontPage, it's asking for authentication.

Is Nikto mis-reporting, or is there some other method of subversive authoring I'm unaware of .. ?

If Nikto isn't mis-reporting, would upgrading to the latest versions of FrontPage fix the issue, or .. ?

Appreciate any advice anyone has to offer..

-- Joey

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- Frontpage Web, Authoring Access Joey (Jul 16)
- Re: Frontpage Web, Authoring Access Paul Kurczaba (Jul 16)