[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution

To: <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
From: "Geo." <geoincidents@getinfo.org>
Date: Wed, 12 Nov 2003 14:41:03 -0500

>>
Well, for one, it's not root level.  It allows ANONYMOUS (Guest) access
<<

No it's not, IWAM is Web Applications MANAGER account you were thinking of
IUSR perhaps? This is not guest. This account can change websites so in a
multi host environment this level of access will allow a compromise of every
website on the server.

Geo. (I'd call that root)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
  - From: "mattmurphy@kc.rr.com" <mattmurphy@kc.rr.com>

Prev by Date: Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Next by Date: [Full-Disclosure] why commcerical software *could* be better [WAS: Re: [Full-Disclosure] Microsoft prepares security assault on Linux]
Previous by thread: Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Next by thread: RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Index(es):
- Date
- Thread