Insecure FrontPage extension configuration

By Prathap
Published on 26 Jun 2022

An application's web server and application server configurations play a major role in securing the web application. Many HTML pages contain information about the FrontPage extensions. This information helps an attacker plan a successful intrusion that lets them inject code into a user's session. The attacker can also manipulate the vulnerable application to include malicious script content in its dynamic pages.

When a file is uploaded using FrontPage, the client first fetches the file and then uploads it with a POST request to the web server at http://www.example.beaglesecurity.com/_vti_bin/shtml.exe/_vti_rpc. If the server binary is not password protected, an attacker can easily upload data without any issues. FrontPage keeps all its configuration files as text files in the _vti_pvt directory. An attacker can open this folder in a browser and view all the files and their contents.

Example

The URL below can be used to access the passwords of a web application that uses FrontPage.

http://www.example.beaglesecurity.com/_vti_pvt/administrators.pwd

Impact

The impact includes:

  • Data Breach
  • Manipulation of data
  • The attacker can get full access to the server.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Restrict access to files in the webroot.
  • Install the patch that fixes this vulnerability.
  • Apply the latest security updates for FrontPage.
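
To verify that access to the FrontPage paths is actually restricted, a defender can review the web server's access log for requests that were served rather than refused. The following is an added example, not code from Beagle Security or FrontPage. It assumes the server writes Common Log Format, that an authuser field of "-" means no HTTP authentication was presented, and the log lines are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident authuser [time] "method target proto" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def classify(line):
    """Return a finding string for a log line, or None if it is not relevant."""
    m = CLF.match(line)
    if not m:
        return None
    # Decode percent-encoding and fold case so encoded or mixed-case
    # variants of the same path are not missed.
    path = unquote(urlsplit(m["target"]).path).lower()
    served = m["status"].startswith("2")
    # A 2xx answer for anything under _vti_pvt means config files are readable.
    if path.startswith("/_vti_pvt/") and served:
        return f"EXPOSED_CONFIG {m['host']} {path}"
    # A 2xx answer to an authoring POST with no authenticated user means
    # the server binary is not password protected.
    if (path == "/_vti_bin/shtml.exe/_vti_rpc" and m["method"] == "POST"
            and served and m["user"] == "-"):
        return f"UNAUTHENTICATED_RPC {m['host']} {path}"
    return None

def scan(lines):
    """Return the findings for every relevant line, in log order."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jun/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [26/Jun/2022:10:00:05 +0000] "GET /_vti_pvt/administrators.pwd HTTP/1.1" 200 64',
    '203.0.113.7 - - [26/Jun/2022:10:00:09 +0000] "GET /_VTI_PVT/administrators%2Epwd HTTP/1.1" 403 0',
    '203.0.113.7 - - [26/Jun/2022:10:00:12 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 200 310',
    '192.0.2.44 - webadmin [26/Jun/2022:10:02:00 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 403 on the _vti_pvt request and an authenticated user on the RPC POST are the outcomes the mitigation should produce, so those lines yield no finding.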

Written by Prathap, Co-founder, Director