pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

front page extansions

from [juanbabi] [Permanent Link][Original]
To: pen-test@securityfocus.com
Subject: front page extansions
From: juanbabi@yahoo.com
Date: 27 May 2007 09:11:37 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date: Sun, 27 May 2007 09:15:56 -0600 (MDT)
Resent-from: pen-test-return-1078484265@securityfocus.com
Resent-message-id: <20070527151556.F0FAC143F3F@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
Hi,

in doing a pen test on a web server, the scanner found those urls:
status 403 http://www.domain.com/_vti_bin/ 
status 200 http://www.domain.com/_vti_inf.html
status 403 http://www.domain.com/inc/
status 301 http://www.domain.com/images/
status 301 http://www.domain.com/faq

FrontPage Configuration Information
    FPVersion="5.0.2.6790"
    FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
    FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
    FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
    TPScriptUrl="_vti_bin/owssvr.dll"

 

Any idea how I can exploit those url or abuse them?

thanks a lot !

Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Most Successful Exploits/Tools to use against windows & Linux?, Derek Fountain
Next by Date:  Re: Re: Legality of WEP Cracking, cwright
Previous by Thread:  Shadow Security Scanner API SDK documentation, Vivek P
Next by Thread:  Re: front page extansions, Nikhil Wagholikar
Indexes:  [Date] [Thread] [Top] [All Lists]