Microsoft FrontPage Server Extensions configuration files were accessible, exposing version details, directory paths, and other configurations. This was a common misconfiguration on old (2000s) IIS servers with FrontPage Server Extensions installed.
PoC代码[已公开]
id: ms-front-page-misconfig
info:
name: Microsoft FrontPage Configuration - Exposure
author: JTeles,pikpikcu
severity: low
description: |
Microsoft FrontPage Server Extensions configuration files were accessible, exposing version details, directory paths, and other configurations. This was a common misconfiguration on old (2000s) IIS servers with FrontPage Server Extensions installed.
reference:
- https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications
- https://www.tenable.com/plugins/was/112772
- https://stackoverflow.com/questions/1163820/what-are-vti-cnf-vti-pvt-vti-script-and-vti-txt-folders
metadata:
verified: true
max-request: 2
tags: misconfig,exposure,frontpage,microsoft,vuln
http:
- method: GET
path:
- "{{BaseURL}}/_vti_inf.html"
- "{{BaseURL}}/_vti_pvt/service.cnf"
- "{{BaseURL}}/_vti_pvt/access.cnf"
- "{{BaseURL}}/_vti_txt/default.wti/All.cat"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "vti_extenderversion:"
- "FPVersion="
- "PasswordDir:"
- "Catalog for database:"
- type: status
status:
- 200
# digest: 4a0a0047304502210085c1f055402b7700664d75f0d9327fceb3adcdafb3792a02931b2d2ab13330150220024fa562eadf85e666d9f219cca316f56eea727d409500f33c136bcdfc49b7f3:922c64590222798bb761d5b6d8e72950