
I found Microsoft server extensions (_vti_pvt)

Mrunal chawda
3 min read · Aug 21, 2019


The service.cnf file was found in the _vti_pvt directory on a system running Microsoft FrontPage Server Extensions. This file contains meta-information about the web server. An attacker could submit a request for the vulnerable file and cause the server to reveal sensitive system information. The attacker could use this information to launch further attacks against the affected host. Recommendations include removing this file from the system if it is not needed, or tightening the default permission settings.

Explanation

With the default permission settings being too lenient, an attacker could submit a GET request to the server for the service.cnf file in the /_vti_pvt/ directory. A successful GET request would cause the host to reveal sensitive system information. The attacker could then use this information to launch further attacks against the affected host.

GET /_vti_pvt/service.cnf HTTP/1.1
Referer: xyz.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: */*
Pragma: no-cache
Host: xyz.com
X-Scan-Memo: Category="Audit"; Function="createStateRequestFromAttackDefinition"; SID="72D2517010E234E2060E83A6AE5643C7"; PSID="3B5C6D4258EDE9E2520272F502F91B6B"; SessionType="AuditAttack"; CrawlType="None"; AttackType="Server"; OriginatingEngineID="3a7ec23a-f5cb-4b05-96a6-1b112f48f417"; AttackSequence="0"; AttackParamDesc=""; AttackParamIndex="0"; AttackParamSubIndex="0"; CheckId="85"; Engine="Known"; Retry="False"; SmartMode="NonServerSpecificOnly"; ThreadId="39"; ThreadType="AuditDBReaderSessionDrivenAudit";
Connection: Keep-Alive
Cookie: CustomCookie=****************A2CCD6849B0A63D3EFF65615601Y3637;status=yes;username=;userid=;sessionid=;ASPSESSIONIDCARBTACT=MFDJMBECOPCHKADHOLMNBJPL;state=
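
One way to check a server's own access logs for the request shown above, as an added example that is not part of the original post: it scans IIS W3C-format log text for requests into _vti_pvt and marks the ones the server answered with a 2xx status. The log lines, field layout and function name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2019-08-21 10:00:01 203.0.113.7 GET /index.asp 200
2019-08-21 10:00:02 203.0.113.7 GET /_vti_pvt/service.cnf 200
2019-08-21 10:00:03 203.0.113.7 GET /_VTI_PVT/service.cnf 404
2019-08-21 10:00:04 198.51.100.9 GET /%5Fvti%5Fpvt/service.cnf 403
2019-08-21 10:00:05 198.51.100.9 GET /docs/vti_pvt_notes.htm 200
"""

# Match _vti_pvt only as a whole path segment, in any letter case.
VTI_PVT = re.compile(r"(^|/)_vti_pvt(/|$)", re.IGNORECASE)


def find_vti_pvt_requests(log_text):
    """Return one dict per request into _vti_pvt; 'disclosed' means 2xx reply."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue  # skip directives, blanks, and rows with no known layout
        row = dict(zip(fields, line.split()))
        # Decode percent-escapes in case the log holds the raw form (%5F = "_").
        path = unquote(row.get("cs-uri-stem", ""))
        if not VTI_PVT.search(path):
            continue
        status = row.get("sc-status", "")
        hits.append({
            "time": f"{row.get('date', '')} {row.get('time', '')}".strip(),
            "client": row.get("c-ip", ""),
            "path": path,
            "status": status,
            "disclosed": status.startswith("2"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_vti_pvt_requests(SAMPLE_LOG):
        verdict = "SERVED" if hit["disclosed"] else "blocked"
        print(hit["time"], hit["client"], hit["path"], hit["status"], verdict)
```

A row flagged SERVED means the permissions on that directory still allow anonymous reads; after the file is removed or permissions are tightened, the same request should show up as 403 or 404.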


For Security Operations:

If the file is not needed, remove it from the system. All FrontPage functionality will be lost, and no FrontPage…


Written by Mrunal chawda

Blogger | Security Researcher | Digital forensic analyst | Twitter — @mrunal110
