[6590] in bugtraq
Re: More Microsoft debri
daemon@ATHENA.MIT.EDU (James E. Robinson, III)
Fri Apr 24 00:14:29 1998
Date: Thu, 23 Apr 1998 21:33:25 -0400
Reply-To: james@ncstate.net
From: "James E. Robinson, III" <jerobins@UNITY.NCSU.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199804232136.OAA02589@s1000e2>; from pedward@WEBCOM.COM on Thu,
Apr 23, 1998 at 02:36:00PM -0700
> [On Thu Apr 23 14:36:00 1998, pedward@WEBCOM.COM wrote]
[snip snip]
> (Oh, BTW, there exists a very HUGE privacy hole in the FP
> extenstions). If you go to a site that has FP extensions, just pick
> any directory in the URL, yank the filename off, and put "_vti_cnf"
> there instead...you'll get a complete listing of all the files in the
> real directory. With this you can snatch files that weren't meant to
> be seen by the public...and it's available on ALL FP enabled sites.
Incorrect. This reflects on the web server configuration, not
necessarily that of FP....same goes for the password file snatching.
i.e. it's easy to set up Apache to prevent this stuff. Though, FP does
want to keep "touching" various files, including the .htaccess
files...changing the permissions after FP has created them keeps
everything in check (so long as httpd and FP can still *read* the
files).
James
--
James E. Robinson, III | james@ncstate.net | Lead Systems Programmer
NC State University | NCState.Net | http://www.ncstate.net/
Information Technology | PGP key at http://www.ncstate.net/james/pgp/
