Tom,
I really don't have access to a copy of FP2000. If someone does, and would
like to test the exploit, I'd appreciate any feedback possible. I would
suspect that the overflow still exists, being that most/all MS products are of
little worth. One thing that would really help in the server would be to block
access from all IP's except 127.0.0.1.
-Kerb
On Tuesday, August 24, 1999 2:44 PM, Thomas Hsieh [SMTP:[EMAIL PROTECTED]]
wrote:
: Have you tested this exploint on FP2000?
:
:
: -Tom
:
: On Mon, 23 Aug 1999, Kerb wrote:
:
: > Date: Mon, 23 Aug 1999 03:28:39 -0500
: > From: Kerb <[EMAIL PROTECTED]>
: > To: [EMAIL PROTECTED]
: > Subject: FrontPage Personal Web Server
: >
: > I'm sorry if this exploit has already been released, but to the best of my
: > knowledge, it hasn't. This is a small exploit (written in perl) that takes
: > advantage of the poor URL length handling of FrontPage 98's personal web
: > server
: > that is executed when you open/create a "web". This exploit will work on
: > most
: > machines with a perl interpreter, I coded it (and tested it, of course) on
: > my
: > Wind0ze 95 machine. If ya have any questions or comments about this
script,
: >
: > feel free to Email me.
: >
: >
: >
: >
: > -KerberosX : kerb [at] linuxfreak [dot] com
: >
: >
: >
: >
: >
: >