All, Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my colleques pointed me to some more exploit which may be just as bad. I haven't seen any mention of it yet to both the lists Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications there may also a http://www.domain.com/global.asa which may contain session variables and user-id/password combinations for entering databases and the like. If not patched this is also subject to the vulnerabilities. my $0.02, Fred -- -------------------- My opinions are my own ---------------------------- Fred Donck | E-mail: f.c.w.donckat_private (work) Technical Consultant | fredat_private, Voice/Fax : +31-70-3112374 | fredat_private (private) --- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:02 PDT