Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers. Various administrative pages can be accessed by unprivileged, non-administrative Microsoft Site Server users. Such pages contain a plethora of sensitive information, which may be used by a malicious user to aid in attacks against the host running the vulnerable software. Additionally, some sensitive pages allow non-administrative users to modify data. These pages all reside in the /SiteServer/Admin/ directory. The following is a list of pages that may be accessed by non-administrative users: findvserver.asp, domain.asp, driver.asp, DSN.asp, GroupManager.asp, UserManager.asp, default.asp, vs.asp, VsTmPr.asp, VsLsLpRd.asp, and...
Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers. Various administrative pages can be accessed by unprivileged, non-administrative Microsoft Site Server users. Such pages contain a plethora of sensitive information, which may be used by a malicious user to aid in attacks against the host running the vulnerable software. Additionally, some sensitive pages allow non-administrative users to modify data. These pages all reside in the /SiteServer/Admin/ directory. The following is a list of pages that may be accessed by non-administrative users: findvserver.asp, domain.asp, driver.asp, DSN.asp, GroupManager.asp, UserManager.asp, default.asp, vs.asp, VsTmPr.asp, VsLsLpRd.asp, and VsPrAuoEd.asp. Specifically, non-administrative users may view source code, information stored in META tags, view domain information, driver information, possibly modify LDAP users/groups, etc. This issue is especially serious considering the existence of a default LDAP anonymous account, as described in BugTraq ID 3998 "Microsoft Site Server 3.0 Default Account Vulnerability". It should be noted that in Microsoft Site Server 3.0 Commerce Edition, the driver.asp page is not accessible in this manner.
