Re: Major Security Hole IIS NT
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18615
interpreted = N
texte = I would really like to see this port. It would get me on a more secure andflexible platform.-----Original Message-----From: Raymond Hatch
To: WebDNA-Talk@smithmicro.com Date: Thursday, July 02, 1998 1:02 PMSubject: Re: Major Security Hole IIS NT>Holy Crap...........quick PCS, release that unix port!!!>>At 11:13 AM 7/2/98, you wrote:>>IIS reveals all special CGI Code>>>>Think no one can read your contextual searches, think again.>>>>Hit your webpage on an IIS server>>>>like http://www.yourdomain.com/special.tpl>>>>now try it like this>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>All source code is revealed, even the special webdna data,>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Tryit.>>Hit your favorite microsoft server and add the url ::$DATA and you willsee>>the special source code.>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>heheheh Pretty cool>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>bummer is it also works on .tpl and the rest as well, I don't know aboutthe>>encrypted pages available with 3.0 but I would be interested in hearingfrom>>others.>>>>Robert Minor>>Cybermill Communications>>>>Webmaster>Mind Information Systems>>>http://www.mindinfo.com>
Associated Messages, from the most recent to the oldest:
I would really like to see this port. It would get me on a more secure andflexible platform.-----Original Message-----From: Raymond Hatch To: WebDNA-Talk@smithmicro.com Date: Thursday, July 02, 1998 1:02 PMSubject: Re: Major Security Hole IIS NT>Holy Crap...........quick PCS, release that unix port!!!>>At 11:13 AM 7/2/98, you wrote:>>IIS reveals all special CGI Code>>>>Think no one can read your contextual searches, think again.>>>>Hit your webpage on an IIS server>>>>like http://www.yourdomain.com/special.tpl>>>>now try it like this>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>All source code is revealed, even the special webdna data,>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Tryit.>>Hit your favorite microsoft server and add the url ::$DATA and you willsee>>the special source code.>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>heheheh Pretty cool>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>bummer is it also works on .tpl and the rest as well, I don't know aboutthe>>encrypted pages available with 3.0 but I would be interested in hearingfrom>>others.>>>>Robert Minor>>Cybermill Communications>>>>Webmaster>Mind Information Systems>>>http://www.mindinfo.com>
Bob Minor
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] HTML [sendmail] revisited (2009)
Generating Report Totals (1997)
forms and variables (1998)
Frames and WebCat (1997)
Caching [include] files ... (1997)
Shed some light on web delivery? (2000)
How to Ignore Your Best Customers (2003)
Help!!!! (1997)
[BULK] [WebDNA] Authorize.net SIM, Server Integration (2011)
WebCatalog Plug-in for Webstar. (1997)
New WebCatalog site! (1997)
problems with 2 tags shakur (1997)
Summing Fields (1998)
Advice (2003)
WebCat2b13MacPlugIn - [include] (1997)
WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997)
[WebDNA] Domain upgrade questions (2009)
New Command prefs ... (1997)
moved shoppingCarts folder... now there's nothing in it. (2001)
WebCat with WebTen (1998)