Frontpage no password privileges escalation?

From: 09sparky@gmail.com
Date: Tue Oct 03 2006 - 20:35:11 EDT

Next message: Nish Bhalla: "RE: XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning)"
Previous message: George: "Swiss watches, 95% off"
Next in thread: thomas springer: "Re: Frontpage no password privileges escalation?"
Reply: thomas springer: "Re: Frontpage no password privileges escalation?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Does anyone know if there is a way to gain root/admin access to a system if you are able to connect to Microsoft FrontPage with No password set on the web server? It is running "Microsoft IIS web server 5.0". The system has been clearly compromised, but I want to see if there were any additional attack vectors that the hackers have performed, to compromise the rest of the system. The obvious recommendation to the client is to re-image the whole machine (after forensic investigation - if necessary), but any suggestions for escalating privileges?

Thanks,
09Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Next message: Nish Bhalla: "RE: XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning)"
Previous message: George: "Swiss watches, 95% off"
Next in thread: thomas springer: "Re: Frontpage no password privileges escalation?"
Reply: thomas springer: "Re: Frontpage no password privileges escalation?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:05 EDT