RE: Outlook Web Access view include files vulnerability

From: danmillerat_private
Date: Wed Feb 20 2002 - 09:27:02 PST

Next message: Rodrigo Barbosa: "Re: slocate bug."

Previous message: Wodahs Latigid: "Re: slocate bug."
Maybe in reply to: mafj: "Outlook Web Access view include files vulnerability"
Next in thread: Eric: "Re: Outlook Web Access view include files vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Do not let web users access asp include files. They should
only be accessed by the user running the asp scripts
(usually IWAM_MACHINENAME). I used to associate .inc files
with the asp dll so that the source wouldn't be returned to
the user (if you have patched all the MS view source bugs),
but I don't know if you can pass parameters to them or if
there would be any other ill
effects.

Next message: Rodrigo Barbosa: "Re: slocate bug."
Previous message: Wodahs Latigid: "Re: slocate bug."
Maybe in reply to: mafj: "Outlook Web Access view include files vulnerability"
Next in thread: Eric: "Re: Outlook Web Access view include files vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 12:19:59 PST