Tweet
Have been using a few script kiddie tools to evaluate a web box. The box is running IIS 5.o, w2k server. One vulnerability scanner detected /_vti_bin/shtml.exe vulnerabilities and /?pageservices vulnerabilities.
Although this box is a prod box, it does NOT have SP3 installed.
I have been doing additional research on both vulnerabilities in general and have located a file on packetstorm which details that by going into the view menu on net scape you should be able to reveal the root directories of this box. I have not been able to do this. (netscape 7.1)
In addition, running a basic port scan on this box using Solar winds network browser does not reveal SNMP info or accounts, shares, services running, etc...
On a scale of 1 to 10 how would you rate the safety of this site in relation to possible attacks. I understand how to correct the shtml.exe problem but I am unsure if installing SP3 will correct the problem with the Front page extension vulnerabilities.
Although this box is a prod box, it does NOT have SP3 installed.
I have been doing additional research on both vulnerabilities in general and have located a file on packetstorm which details that by going into the view menu on net scape you should be able to reveal the root directories of this box. I have not been able to do this. (netscape 7.1)
In addition, running a basic port scan on this box using Solar winds network browser does not reveal SNMP info or accounts, shares, services running, etc...
On a scale of 1 to 10 how would you rate the safety of this site in relation to possible attacks. I understand how to correct the shtml.exe problem but I am unsure if installing SP3 will correct the problem with the Front page extension vulnerabilities.
Comment