Penetration Testing mailing list archives

front page extansions

From: juanbabi () yahoo com
Date: 27 May 2007 09:11:37 -0000

Hi,

in doing a pen test on a web server, the scanner found those urls:
status 403 http://www.domain.com/_vti_bin/ 
status 200 http://www.domain.com/_vti_inf.html
status 403 http://www.domain.com/inc/
status 301 http://www.domain.com/images/
status 301 http://www.domain.com/faq

FrontPage Configuration Information
    FPVersion="5.0.2.6790"
    FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
    FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
    FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
    TPScriptUrl="_vti_bin/owssvr.dll"

 

Any idea how I can exploit those url or abuse them?

thanks a lot !

Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

front page extansions juanbabi (May 27)
- RE: front page extansions Sergi Rosello (May 29)
- Re: front page extansions Nikhil Wagholikar (May 29)