An application’s web server and application server configurations play a major role in securing the web application. Many HTML pages contain information about the FrontPage extensions. This information helps an attacker plan a successful intrusion that lets him inject code into a user’s session. The attacker can also manipulate the vulnerable application to include malicious script content in the dynamic pages.
When a file is uploaded using FrontPage, the client first fetches the file and then uploads it to the web server with a POST request to http://www.example.beaglesecurity.com/_vti_bin/shtml.exe/_vti_rpc. If the server binary is not password protected, an attacker can easily upload data without any issues. FrontPage keeps all its configuration files as text files in the _vti_pvt directory. An attacker can view this folder, all its files, and their contents through the browser.
The following URL can be used to access the passwords of a web application that uses FrontPage.
http://www.example.beaglesecurity.com/_vti_pvt/administrators.pwd
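A detection sketch for the two exposures described above, added here as an example (it is not Beagle's code): it scans web server access logs for files served from `_vti_pvt` and for POSTs to `_vti_rpc` that were accepted without an authenticated user. The Combined Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
RPC_SUFFIX = "/_vti_bin/shtml.exe/_vti_rpc"

def classify(line):
    """Return (host, finding) for a FrontPage exposure, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx escapes, compare case-insensitively
    path = unquote(m["path"].split("?", 1)[0]).lower()
    served = m["status"].startswith("2")
    if "/_vti_pvt/" in path and served:
        return m["host"], "file served from _vti_pvt"
    if (path.endswith(RPC_SUFFIX) and m["method"] == "POST"
            and served and m["user"] == "-"):
        return m["host"], "unauthenticated POST accepted by _vti_rpc"
    return None

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

TS = "[10/Mar/2024:10:00:00 +0000]"
SAMPLE = [  # constructed log lines, documentation IP ranges
    f'203.0.113.7 - - {TS} "GET /_vti_pvt/administrators.pwd HTTP/1.1" 200 87',
    f'203.0.113.8 - - {TS} "GET /_vti_pvt/administrators.pwd HTTP/1.1" 403 199',
    f'198.51.100.9 - - {TS} "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 200 512',
    f'192.0.2.44 - alice {TS} "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 200 512',
    f'192.0.2.50 - - {TS} "GET /%5Fvti%5Fpvt/administrators.pwd HTTP/1.1" 200 87',
    f'192.0.2.51 - - {TS} "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE):
        print(f"{host}: {finding}")
```

A 2xx response on a `_vti_pvt` path means the file content left the server, so any credentials stored in it should be treated as disclosed.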
The impact includes:-
Beagle recommends the following fixes:-