Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: front page extansions

from [Sergi Rosello] Network Security [Permanent Link]
Subject: RE: front page extansions
Date: Tue, 29 May 2007 15:17:25 +0200 (CEST) 

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

and also  

http://packetstormsecurity.org/9910-exploits/webfolders.txt

but, I think you need a lot of luck.... 

--- juanbabi@yahoo.com escribió:


Hi,

in doing a pen test on a web server, the scanner
found those urls:
status 403 http://www.domain.com/_vti_bin/ 
status 200 http://www.domain.com/_vti_inf.html
status 403 http://www.domain.com/inc/
status 301 http://www.domain.com/images/
status 301 http://www.domain.com/faq

FrontPage Configuration Information
    FPVersion="5.0.2.6790"
    FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
    FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
    FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
    TPScriptUrl="_vti_bin/owssvr.dll"

 

Any idea how I can exploit those url or abuse them?

thanks a lot !

Juan



------------------------------------------------------------------------

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020


------------------------------------------------------------------------






------------------------------------------------------------------------------------------------------------------------------------
    Nota Legal: Este correo electrónico puede contener información 
estrictamente confidencial y es de uso exclusivo del destinatario, quedando 
prohibida a cualquier otra persona su revelación, copia, distribución, o el 
ejercicio de cualquier acción relativa a su contenido. Si ha recibido este 
correo electrónico por error, por favor, conteste al remitente, y 
posteriormente proceda a borrarlo de su sistema. Gracias por su colaboración.   
------------------------------------------------------------------------------------------------------------------------------------


       
____________________________________________________________________________________
¡Descubre una nueva forma de obtener respuestas a tus preguntas!
Entra en Yahoo! Respuestas.
http://es.answers.yahoo.com/info/welcome

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Database pen-testing tools, iko tampan
Next by Date:  Re: Pentesting Openmail Web login, pagvac
Previous by Thread:  front page extansions, juanbabi
Next by Thread:  Re: front page extansions, Nikhil Wagholikar
Indexes:  [Date] [Thread] [Top] [All Lists]