front page extansions

From: juanbabi@yahoo.com
Date: Sun May 27 2007 - 05:11:37 EDT

• Next message: cwright@bdosyd.com.au: "Re: Re: Legality of WEP Cracking"
• Previous message: Derek Fountain: "Re: Most Successful Exploits/Tools to use against windows & Linux?"
• Next in thread: Nikhil Wagholikar: "Re: front page extansions"
• Reply: Nikhil Wagholikar: "Re: front page extansions"
• Reply: Sergi Rosello: "RE: front page extansions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

in doing a pen test on a web server, the scanner found those urls:
status 403 http://www.domain.com/_vti_bin/
status 200 http://www.domain.com/_vti_inf.html
status 403 http://www.domain.com/inc/
status 301 http://www.domain.com/images/
status 301 http://www.domain.com/faq

FrontPage Configuration Information
    FPVersion="5.0.2.6790"
    FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
    FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
    FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
    TPScriptUrl="_vti_bin/owssvr.dll"

Any idea how I can exploit those url or abuse them?

thanks a lot !

Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: cwright@bdosyd.com.au: "Re: Re: Legality of WEP Cracking"
• Previous message: Derek Fountain: "Re: Most Successful Exploits/Tools to use against windows & Linux?"
• Next in thread: Nikhil Wagholikar: "Re: front page extansions"
• Reply: Nikhil Wagholikar: "Re: front page extansions"
• Reply: Sergi Rosello: "RE: front page extansions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:50 EDT