pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: front page extansions

from [Nikhil Wagholikar] [Permanent Link][Original]
To: pen-test@securityfocus.com
Subject: Re: front page extansions
From: "Nikhil Wagholikar" <visitnikhil@gmail.com>
Date: Mon, 28 May 2007 10:10:06 +0530
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=VGtfvimgRHFBusnrEG7k6rPVk2ne6brKPSdPOTdBNaUvaAUjS+YJ+5fSHjyYgcYnwZHUz+qUAaOGqftO6kZiULVqh3bd0MexgDPLCPm/8YdPvfnb5nzJGBjQBgwd6oX1T4sDrV3JqzYERaCYKNRHnf+axMc/qPi+aQnBeDq23No=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=TNJTFFigZ1tnTPVAu6M1tioQrLZGVslycdvo7kR4c3uBHBdS4UC9uhTNQyfhsjprFZE9SeShD5w5zrwcxL3MG16CA9lySf6Zl5jIYXwzpMAnz0S121a+X5ACWda/hdaXkLCV4d8qG6+I0qa5u43iVhxXeSwsx7og0K8u3pYHReg=
In-reply-to: <20070527091137.27135.qmail@securityfocus.com>
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
References: <20070527091137.27135.qmail@securityfocus.com>
Resent-date: Tue, 29 May 2007 19:25:45 -0600 (MDT)
Resent-from: pen-test-return-1078484268@securityfocus.com
Resent-message-id: <20070530012545.7F3D7143731@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
Hello Juanbabi,
Nessus is one of the best alternative to exploit frontpage extensions.
The other alternative to give a try is Metasploit.

--
Nikhil Wagholikar
Security Analyst


NII Consulting
Web: www.niiconsulting.com
On 27 May 2007 09:11:37 -0000, juanbabi@yahoo.com <juanbabi@yahoo.com> wrote:

Hi,


in doing a pen test on a web server, the scanner found those urls:

status 403 http://www.domain.com/_vti_bin/

status 200 http://www.domain.com/_vti_inf.html

status 403 http://www.domain.com/inc/

status 301 http://www.domain.com/images/

status 301 http://www.domain.com/faq


FrontPage Configuration Information

   FPVersion="5.0.2.6790"

   FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"

   FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"

   FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"

   TPScriptUrl="_vti_bin/owssvr.dll"





Any idea how I can exploit those url or abuse them?


thanks a lot !


Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: Legality of WEP Cracking, cwright
Next by Date:  Citrix Pen Test,, IRM
Previous by Thread:  front page extansions, juanbabi
Next by Thread:  RE: front page extansions, Sergi Rosello
Indexes:  [Date] [Thread] [Top] [All Lists]