RE: proxying exploit attempts

From: Sparks, Alan <asparks@dont-contact.us>
Date: Mon, 8 Feb 1999 08:56:06 -0800

> From: Andrew Daviel [mailto:andrew@andrew.triumf.ca]
> /_vti_pvt/service.pwd
>
> _vti_pvt I presume is from NT.

The /_vti_pvt/ exploit is an attempt to grab the password file as stored by
Microsoft FrontPage (a file in the .htpasswd format). can
store the usernames and crypted passwords of readers and (more importantly)
authors. Certain versions of Windows-based Web servers could be tricked into
serving private files even though configured not to (because of the Windows
filesystem). UNIX-based servers are immune to the attack.

> Deniable unless digitally signed
> Andrew Daviel, TRIUMF, Canada

-Alan
Received on Mon Feb 08 1999 - 09:57:06 MST
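
A log check for the probe discussed in this thread, as an added example that is not part of the original messages. It scans Common Log Format lines for requests into /_vti_pvt/ and marks the ones the server actually answered with a 2xx status; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def normalise(target):
    """Reduce a request target to a decoded, lower-case path."""
    path = urlsplit(target).path      # proxy-style absolute URLs: keep only the path
    prev = None
    while prev != path:               # undo repeated percent-encoding
        prev, path = path, unquote(path)
    # Windows servers treat "\" as a separator and ignore case, so compare likewise
    return path.replace("\\", "/").lower()

def find_vti_pvt_probes(lines):
    """Return one record per request that addresses a _vti_pvt directory."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                  # not a CLF line, skip it
        client, _method, target, status = m.groups()
        if "_vti_pvt" in normalise(target).split("/"):
            hits.append({
                "client": client,
                "target": target,     # raw target, as logged
                "status": int(status),
                "served": status.startswith("2"),  # content was handed out
            })
    return hits

# Constructed sample log (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Feb/1999:08:40:01 -0800] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [08/Feb/1999:08:41:12 -0800] "GET /_vti_pvt/service.pwd HTTP/1.0" 404 207',
    '198.51.100.7 - - [08/Feb/1999:08:41:13 -0800] "GET /_VTI_PVT/service.pwd HTTP/1.0" 200 118',
    '203.0.113.5 - - [08/Feb/1999:08:43:30 -0800] '
    '"GET http://www.example.com/%5Fvti%5Fpvt/service.pwd HTTP/1.0" 403 0',
    '192.0.2.10 - - [08/Feb/1999:08:44:02 -0800] "GET /docs/_vti_pvt_notes.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in find_vti_pvt_probes(SAMPLE_LOG):
        flag = "SERVED" if hit["served"] else "refused"
        print(f'{hit["client"]:15} {hit["status"]} {flag:8} {hit["target"]}')
```

A "SERVED" record means the password file may have left the server, so the accounts stored in it should be treated as exposed.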
