[13953] in bugtraq
Re: Doubledot bug in FrontPage FrontPage Personal Web Server.
daemon@ATHENA.MIT.EDU (Jeff Dafoe)
Mon Feb 21 18:14:31 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.96.1000218220842.27959C-100000@zothommog.evcom.net>
Date: Fri, 18 Feb 2000 22:10:21 -0500
Reply-To: Jeff Dafoe <jeffd@EVCOM.NET>
From: Jeff Dafoe <jeffd@EVCOM.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <0DB7B6E06277D311B797009027AA5B4A472AD1@axcs01.cs.itc.hp.com>
On Fri, 18 Feb 2000, GALES,SIMON (Non-A-ColSprings,ex1) wrote:
I was able to reproduce this on a PWS installation under Win98
second edition.
Jeff Dafoe
System Administrator
Evolution Communications, Inc.
> Does this only occur on Win9x? Has anyone been able to reproduce this?
> Jan, which OS/SP were you running?
>
> I vaguely remember some discussion (in BugTraq or NTBugTraq maybe?) about
> using "..." and/or "...." from the command prompt, and this is probably tied
> to that problem.
>
> G. Simon Gales
> george_gales@non.hp.com
>
> -----Original Message-----
> From: Jan van de Rijt [mailto:rijt@WISH.NET]
> Sent: Tuesday, February 15, 2000 6:16 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Doubledot bug in FrontPage FrontPage Personal Web Server.
>
>
> Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
> Compromise: Accessing drive through browser.
> Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
> Details:
> When FrontPage-PWS runs a site on your c:\ drive your drive could be
> accessed by any user accessing your page, simply by requesting any file in
> any directory except the files in the FrontPage dir. especially /_vti_pvt/.
>
> How to exploit this bug?
> Simply adding /..../ in the URL address bar.
>
> http://www.target.com/..../<any_dir>/<any_file>
>
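
A server-side check for the request shape reported in this thread, written as an added example (not code from the posters or from FrontPage PWS): it rejects any URL path segment made up only of dots, whatever its length, before the path is mapped to a file. The names `is_dot_run` and `check_request_path` are hypothetical, the request paths are constructed, and it assumes the underlying OS may treat runs of more than two dots as parent-directory references, as the report implies.

```python
from urllib.parse import unquote


def is_dot_run(segment: str) -> bool:
    """True for '..', '...', '....' etc., including forms padded with spaces."""
    return set(segment) <= {".", " "} and segment.count(".") >= 2


def check_request_path(raw_path: str, max_decodes: int = 3):
    """Return (allowed, reason) for a URL path before it is mapped to a file."""
    path = raw_path
    # Decode repeatedly so %2e%2e%2e%2e and double-encoded forms are seen.
    for _ in range(max_decodes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if unquote(path) != path:
        return False, "excessive percent-encoding"

    # Windows accepts both separators, so treat backslash as a slash.
    path = path.replace("\\", "/")

    for segment in path.split("/"):
        if is_dot_run(segment):
            return False, f"dot-only segment {segment!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample request paths, not taken from any real log.
    samples = [
        "/index.htm",
        "/docs/v1.2/readme.txt",
        "/..../some_dir/some_file",
        "/%2e%2e%2e%2e/some_dir/some_file",
        "/a/...\\b",
        "/%252e%252e/x",
    ]
    for s in samples:
        allowed, reason = check_request_path(s)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {s:40} {reason}")
```

Names that merely contain dots, such as `v1.2`, pass; only segments with nothing but dots (and padding spaces) are refused.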