httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Yau" <b...@cardcommerce.com>
Subject RE: [users@httpd] Microsoft FrontPage extensions
Date Tue, 27 Jan 2004 22:00:35 GMT

>
> P.S. You might want to tell your client that FrontPage
> extensions have security issues. That is, I THINK they
> do. I'm not that knowledgeable about security, but
> someone was hacking my website, and my old (Windows)
> ISP told me FrontPage extensions presented all sorts
> of security issues.
>
>
>

I also had my web page hacked as well due to front page.  I read an article
about it and it seems to be an easy and well-known hack.  Basically, you can
use Microsoft's Web Publishing Wizard to do change management on your web
pages.  The thing is you could actually use the Wizard to do "change
management" on ANY web page that allowed updates from the Publishing Wizard
.  So you create your index.html, and in the change/update screen you put
some website that supports the Wizard and voila!  You've overwritten their
index.html.

Never tried it myself as I don't have MS Web publishing software, but thats'
what the article said and the feedback on it was pretty positive (like
"Dude! This works! That's awesome!" and things like that)


Ben



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message