Tom, I really don't have access to a copy of FP2000. If someone does, and would like to test the exploit, I'd appreciate any feedback possible. I would suspect that the overflow still exists, being that most/all MS products are of little worth. One thing that would really help in the server would be to block access from all IP's except 127.0.0.1. -Kerb On Tuesday, August 24, 1999 2:44 PM, Thomas Hsieh [SMTP:tyhat_private] wrote: : Have you tested this exploint on FP2000? : : : -Tom : : On Mon, 23 Aug 1999, Kerb wrote: : : > Date: Mon, 23 Aug 1999 03:28:39 -0500 : > From: Kerb <kerbat_private> : > To: BUGTRAQat_private : > Subject: FrontPage Personal Web Server : > : > I'm sorry if this exploit has already been released, but to the best of my : > knowledge, it hasn't. This is a small exploit (written in perl) that takes : > advantage of the poor URL length handling of FrontPage 98's personal web : > server : > that is executed when you open/create a "web". This exploit will work on : > most : > machines with a perl interpreter, I coded it (and tested it, of course) on : > my : > Wind0ze 95 machine. If ya have any questions or comments about this script, : > : > feel free to Email me. : > : > : > : > : > -KerberosX : kerb [at] linuxfreak [dot] com : > : > : > : > : > : >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:22 PDT