the recommended fix addresses global.asa also. thanks, mh -----Original Message----- From: Fred Donck [mailto:f.c.w.donckat_private] Sent: Friday, July 03, 1998 5:04 AM To: BUGTRAQat_private Subject: More potential ASP problems All, Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my colleques pointed me to some more exploit which may be just as bad. I haven't seen any mention of it yet to both the lists Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications there may also a http://www.domain.com/global.asa which may contain session variables and user-id/password combinations for entering databases and the like. If not patched this is also subject to the vulnerabilities. my $0.02, Fred -- -------------------- My opinions are my own ---------------------------- Fred Donck | E-mail: f.c.w.donckat_private (work) Technical Consultant | fredat_private, Voice/Fax : +31-70-3112374 | fredat_private (private) --- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:10 PDT