pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: front page extansions

from [Sergi Rosello] [Permanent Link][Original]
To: pen-test@securityfocus.com
Subject: RE: front page extansions
From: Sergi Rosello <sergi_75@yahoo.es>
Date: Tue, 29 May 2007 15:17:25 +0200 (CEST)
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.es; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=inoMzoYSAvlPeCvlL8STc9zFC49cv1m/OhZxNlg6go8k0+1nsZjDE2i9Q3daWKsik4GvuxnAJ8Kbh0Fs+FGrnRunz3vN+a3Q+mxjygxGqMVCaF4I6SmEC9PJfKDR3pYCnM0TryqyW5OR6VSohfLbKN41qJ8wEq9s/CbMNmBkBLU=;
In-reply-to: <20070527091137.27135.qmail@securityfocus.com>
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date: Tue, 29 May 2007 19:27:16 -0600 (MDT)
Resent-from: pen-test-return-1078484273@securityfocus.com
Resent-message-id: <20070530012716.4F67D1443EB@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

and also  

http://packetstormsecurity.org/9910-exploits/webfolders.txt

but, I think you need a lot of luck.... 

--- juanbabi@yahoo.com escribió:

> Hi,
> 
> in doing a pen test on a web server, the scanner
> found those urls:
> status 403 http://www.domain.com/_vti_bin/ 
> status 200 http://www.domain.com/_vti_inf.html
> status 403 http://www.domain.com/inc/
> status 301 http://www.domain.com/images/
> status 301 http://www.domain.com/faq
> 
> FrontPage Configuration Information
>     FPVersion="5.0.2.6790"
>     FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
>     FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
>     FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
>     TPScriptUrl="_vti_bin/owssvr.dll"
> 
>  
> 
> Any idea how I can exploit those url or abuse them?
> 
> thanks a lot !
> 
> Juan
> 
>
------------------------------------------------------------------------
> This List Sponsored by: Cenzic
> 
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
> 
> http://www.cenzic.com/c/2020
>
------------------------------------------------------------------------
> 
> 


------------------------------------------------------------------------------------------------------------------------------------
    Nota Legal: Este correo electrónico puede contener información 
estrictamente confidencial y es de uso exclusivo del destinatario, quedando 
prohibida a cualquier otra persona su revelación, copia, distribución, o el 
ejercicio de cualquier acción relativa a su contenido. Si ha recibido este 
correo electrónico por error, por favor, conteste al remitente, y 
posteriormente proceda a borrarlo de su sistema. Gracias por su colaboración.   
------------------------------------------------------------------------------------------------------------------------------------


       
____________________________________________________________________________________
¡Descubre una nueva forma de obtener respuestas a tus preguntas!
Entra en Yahoo! Respuestas.
http://es.answers.yahoo.com/info/welcome

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Database pen-testing tools, iko tampan
Next by Date:  Disclosure of vulns and its legal aspects..., Dark Cold Ice
Previous by Thread:  Re: front page extansions, Nikhil Wagholikar
Next by Thread:  Disclosure of vulns and its legal aspects..., Dark Cold Ice
Indexes:  [Date] [Thread] [Top] [All Lists]