Re: FrontPage client

From: Thrynn (thrynn404@gmail.com)
Date: Wed Sep 05 2007 - 22:35:21 EDT


you can just use Windows (file) Explorer...look on the left and you'll
see something about Web folders. Go through the motions and if it
doesn't ask for login or password, you've got access.

On 9/5/07, Walsh, Leo <Leo_Walsh@jeffersonwells.com> wrote:
> I ran across this vuln in Nessus and was wondering if there was a free
> application that would let me exploit this vulnerability as if I had
> FrontPage (I'm trying other things for other exploits). I couldn't find
> one. I'm downloading the trial version of Microsoft's FrontPage
> replacement but when the trial runs out I probably won't be able to use
> it. Does anyone have any suggestions?
>
> The following directories have frontpage enabled, but are not password
> protected :
>
> /
>
>
> Anyone can use Microsoft FrontPage to modify them.
>
> Solution : Set a password on the frontpage installation of these
> directories
> See also : http://www.ciac.org/ciac/bulletins/k-048.shtml
> Risk factor : High
>
> -Leo Walsh, GSNA
> Jefferson Wells International
> ******* Internet Email Confidentiality ******* The information
> contained in this message may be privileged and confidential and
> protected from disclosure. If the reader of this message is not the
> intended recipient, or an employee or agent responsible for
> delivering this message to the intended recipient, you are hereby
> notified that it is strictly prohibited (a) to disseminate,
> distribute or copy this communication or any of the information
> contained in it, or (b) to take any action based on the information
> in it. If you have received this communication in error, please
> notify us immediately by replying to the message and deleting it
> from your computer.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:06 EDT