[6610] in bugtraq
Leveraging search engines against Frontpage enabled servers
daemon@ATHENA.MIT.EDU (frank darden)
Sun Apr 26 15:24:35 1998
Date: Sun, 26 Apr 1998 14:46:32 -0400
Reply-To: frank darden <fdarden@LOCKED.COM>
From: frank darden <fdarden@LOCKED.COM>
To: BUGTRAQ@NETSPACE.ORG
Although this isnt really much more than a human bug, I thought I would
share the following information.
After reading some of the above posts, a friend decided to load up
FrontPage Editor, in an effort to seek out vulnerable sites. He did a
search on _vti_inf.html to get a list of some Frontpage servers on the net.
It was effective, and he found site after site that had NO password
whatsoever limiting his ability to edit the servers pages. Actually, I
havent spent much time researching FrontPage, but I can say that most
admins are incapable of setting this up properly.
Frank
http://www.locked.com
