Gotta Love FrontPage?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Gotta Love FrontPage?

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786

    Gotta Love FrontPage?

    its hard to beleive that frontpage is still being used.

    Ah its new and improved with increased securiry. No more double dot and no more null password problems. well the folks at Kotik (i know its not spelled right) have today released code for MS03-051, that:

    Binds persistent command shell on port 9999

    Windows 2000 Professional SP3 English version
    (fp30reg.dll ver 4.0.2.5526)

    -[ 13/Nov/2003 ]-

    Actually the code isnt the only way to open a hole:

    Another vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system.


    <<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>

    << <please take note...the web-site only has to have the server extionsions installed to be vulnerable. Win2k has then installed by default >>

    <<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>


    The information in this article applies to:

    FrontPage 2000 Server Extensions from Microsoft
    FrontPage 2002 Server Extensions from Microsoft
    SharePoint Team Services from Microsoft
    Microsoft Office XP


    Work around:

    remove front page server extentions. how many times do you have to be told?

    or (if you must)

    get the patches and learn more:

    http://www.microsoft.com/technet/tre...n/MS03-051.asp

    in-f#$%ing-credable
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    Banned
    Join Date
    Sep 2002
    Posts
    222
    Hehe, thanks for posting mate. I don't think they're ever gonna get this one right.. *sigh*

  3. #3
    @ŽΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    /me shakes my head.

    If it wasn't for Microsoft and all their "features", I wouldn't make half of the money I do right now. Tomorrow I have to go remove a trojan from a lady's computer. (If there is one, I'm not quite sure from what she was sayin...But she's convinced there is one.)

    Besides, the user is just as responsible as the software maker when it comes to security. The information is out there, people need to learn to stop looking at brand names and do some research on their own. This is just another example of why people need to keep up with security updates.

    *cough* Linux *cough*
    LOL.
    Real security doesn't come with an installer.

  4. #4
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Come on Bill, say it...you'll feel better, it'll be a liberating experience. Come on Bill, you won't regret it....

    "Dream Weaver is good....Dream Weaver IS good."

    There, you see? Doesn't that feel better?

    No Bill...you can't go buy the company...you don't want anymore of that nasty business with the FTC do you? Now get back on the couch and lets talk about a little thing called Linux....
    Al
    It isn't paranoia when you KNOW they're out to get you...

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Too late www.mslinux.com

    edit: make that a .org
    www.mslinux.org
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  6. #6
    "MS Linux is released under the provisions of the Gates Private License, which means you can freely use this Software on a single machine without warranty after having paid the purchase price and annual renewal fees."

    That's great! Hahah!

    Good notes about FrontPage. Stoped using it some time back. Shame though, it was so easy if you didn't want to deal with scripting and coding for small updates and changes. Macromedia kicks butt, tho.

    l00p

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    ms should get involved in germ warfare. they just might stumble accross a cure for everything
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    I use Adobe GoLive, I hear Dreamweaver is awesome as well, but whats frontpage like? Is it easy to use or something?

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    frontpage is allot like using ms-word. if you can use office you can use frontpage. its that easy. its just NEVER been secure.

    i had a friend build a site in DW4. asked me to check it out. it opened in frontpage allowed me to change anything i wanted and all because the extentions were installed by default. with no password. he didn't even know they were there.

    although the ways of exploiting fp are becoming more complicated the fact is there always seems to be ways.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Junior Member
    Join Date
    Nov 2003
    Posts
    11
    FrontPage * new and improved * LOL :-) [DUH..]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •