[WEB4LIB] FrontPage [server extensions exploit] question
sean dreilinger
sean at savvysearch.com
Wed Apr 28 14:39:56 EDT 1999
Thomas Dowling wrote:
> I'm seeing some hits in our web logs where people are trying both POSTs
> and GETs to URIs on our server named, for example, "/_vti_inf.html" and
> "/_vti_bin/shtml.exe". I gather these URIs, if they existed, would be
> part of the Front Page server extensions. My question is, why would
> someone be trying to access those URIs if our server does not have (and
> has never had) the FP extensions?
there are exploits to web servers running ms frontpage extensions. i
installed the frontpage extensions on unix years ago and promptly
removed them when i saw how it manipulated the web server's
configuration and unix permissions. never got into the remote frontpage
exploits but here are a few links if anyone is running frontpage server
extensions and wants to do their homework:
http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html
http://www.genocide2600.com/~tattooman/rhino9-products/r9-frontpage-netbios.txt
http://www.genocide2600.com/~tattooman/new-exploits-99/page.sh
nb microsoft may patch or fix these exploits from time to time, but i
suspect many server administrators are not clued in to monitor and
install such patches before its too late.
hth
--sean
--
mailto:sean at savvysearch.com sean dreilinger, mlis
http://www.savvysearch.com http://durak.org/sean
More information about the Web4lib
mailing list