More potential ASP problems

• Previous message: J.A. Gutierrez: "more about 'at'"
• Next in thread: Paul Ashton: "Re: More potential ASP problems"
• Reply: Paul Ashton: "Re: More potential ASP problems"
• Reply: Michael Howard: "Re: More potential ASP problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

All,

Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my
colleques pointed me to some more exploit which may be just as bad. I
haven't seen any mention of it yet to both the lists

Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
there may also a http://www.domain.com/global.asa which may contain session
variables and user-id/password combinations for entering databases and the
like.

If not patched this is also subject to the vulnerabilities.

my $0.02,
Fred
--
-------------------- My opinions are my own ----------------------------
 Fred Donck                  | E-mail: f.c.w.donckat_private (work)
 Technical Consultant        |         fredat_private,
 Voice/Fax : +31-70-3112374  |         fredat_private     (private)
--- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----

• Next message: Chris Evans: "Re: SECURITY: RedHat: The saga continues"
• Previous message: J.A. Gutierrez: "more about 'at'"
• Next in thread: Paul Ashton: "Re: More potential ASP problems"
• Reply: Paul Ashton: "Re: More potential ASP problems"
• Reply: Michael Howard: "Re: More potential ASP problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:02 PDT