lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: nick at ethicsdesign.com (Nick Jacobsen)
Subject: Frontpage Extensions Remote Command Execution

Has anyone even had any luck reproducing this?  I can't for the life of
me get a crash...

	-----Original Message----- 
	From: Geo. 
	Sent: Wed 11/12/2003 11:41 AM 
	To: full-disclosure@...ts.netsys.com 
	Cc: 
	Subject: RE: [Full-Disclosure] Frontpage Extensions Remote
Command Execution
	
	

	>>
	Well, for one, it's not root level.  It allows ANONYMOUS (Guest)
access
	<<
	
	No it's not, IWAM is Web Applications MANAGER account you were
thinking of
	IUSR perhaps? This is not guest. This account can change
websites so in a
	multi host environment this level of access will allow a
compromise of every
	website on the server.
	
	Geo. (I'd call that root)
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.netsys.com/full-disclosure-charter.html
	

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4498 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031112/39be0566/attachment.bin

Powered by blists - more mailing lists