-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just a quick reply... One should always turn off detail ODBC error logging on production systems. When you do so, you would get a standard "Internal Server Error" by default rather than the detailed errors. This is true for IIS 4.0 and 5.0. hth At 04:45 PM 11/12/2001 -0300, KeRoZeNe [Hackemate] wrote: >When you ask for a certain URL, it shows the real path of >the Web Site files in the server. >It can be exploited this way: >http://www.website.com/default.asp?sector=anything > >For example: >http://www.tectimes.com/SistemaMas/default.asp?sector=lamers > >It will respond with the nexy data: > > >error '80020009' >Exception occurred. > >D:\SITIOS_WEB\TECTIMES\NUEVO\SISTEMAMAS\../body.htm, line 74 > -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBO/BWg4hsmyD15h5gEQI/swCgkwmsL96IF9dL/KK+NAE5CQEt1NAAniDQ eORoCbZMaO+K91837kHdFmHB =AOfB -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 15:23:58 PST