[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution

To: "Geo." <geoincidents@getinfo.org>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
From: "Nick Jacobsen" <nick@ethicsdesign.com>
Date: Wed, 12 Nov 2003 13:14:40 -0800

Has anyone even had any luck reproducing this?  I can't for the life of
me get a crash...

        -----Original Message----- 
        From: Geo. 
        Sent: Wed 11/12/2003 11:41 AM 
        To: full-disclosure@lists.netsys.com 
        Cc: 
        Subject: RE: [Full-Disclosure] Frontpage Extensions Remote
Command Execution
        
        

        >>
        Well, for one, it's not root level.  It allows ANONYMOUS (Guest)
access
        <<
        
        No it's not, IWAM is Web Applications MANAGER account you were
thinking of
        IUSR perhaps? This is not guest. This account can change
websites so in a
        multi host environment this level of access will allow a
compromise of every
        website on the server.
        
        Geo. (I'd call that root)
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html

<<winmail.dat>>

Follow-Ups:
- Re[2]: [Full-Disclosure] Frontpage Extensions Remote Command Execution
  - From: Adik <netninja@hotmail.kg>

Prev by Date: Re: [Full-Disclosure] why commcerical software *could* be better [WAS: Re: [Full-Disclosure] Microsoft prepares security assault on Linux]
Next by Date: RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Previous by thread: RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Next by thread: Re[2]: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Index(es):
- Date
- Thread