Re: Major Security Hole IIS NT

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 18615
interpreted = N
texte = I would really like to see this port. It would get me on a more secure and flexible platform. -----Original Message----- From: Raymond Hatch To: WebDNA-Talk@smithmicro.com Date: Thursday, July 02, 1998 1:02 PM Subject: Re: Major Security Hole IIS NT >Holy Crap...........quick PCS, release that unix port!!! > >At 11:13 AM 7/2/98, you wrote: >>IIS reveals all special CGI Code >> >>Think no one can read your contextual searches, think again. >> >>Hit your webpage on an IIS server >> >>like http://www.yourdomain.com/special.tpl >> >>now try it like this >> >>http://www.yourdomain.com/special.tpl::$DATA >> >>All source code is revealed, even the special webdna data, >> >>this applies to all special CGI's running on IIS like ASP and Pearl. Try it. >>Hit your favorite microsoft server and add the url ::$DATA and you will see >>the special source code. >> >>Look here, this page is running Microsofts ASP and you can read it all. >> >>heheheh Pretty cool >> >>http://backoffice.microsoft.com/downtrial/default.asp::$DATA >> >>bummer is it also works on .tpl and the rest as well, I don't know about the >>encrypted pages available with 3.0 but I would be interested in hearing from >>others. >> >>Robert Minor >>Cybermill Communications >> > >Webmaster >Mind Information Systems > > >http://www.mindinfo.com > Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole IIS NT (Bob Minor 1998)
  2. Re: Major Security Hole IIS NT (greg 1998)
  3. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  4. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  5. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  6. RE: Major Security Hole IIS NT (Olin 1998)
  7. Re: Major Security Hole IIS NT (Bob Minor 1998)
  8. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  9. Re: Major Security Hole IIS NT (Bob Minor 1998)
  10. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  11. Re: Major Security Hole IIS NT (Bob Minor 1998)
  12. Re: Major Security Hole IIS NT (Bob Minor 1998)
  13. Major Security Hole IIS NT (Bob Minor 1998)
  14. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  15. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  16. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  17. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  18. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  19. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  20. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
I would really like to see this port. It would get me on a more secure and flexible platform. -----Original Message----- From: Raymond Hatch To: WebDNA-Talk@smithmicro.com Date: Thursday, July 02, 1998 1:02 PM Subject: Re: Major Security Hole IIS NT >Holy Crap...........quick PCS, release that unix port!!! > >At 11:13 AM 7/2/98, you wrote: >>IIS reveals all special CGI Code >> >>Think no one can read your contextual searches, think again. >> >>Hit your webpage on an IIS server >> >>like http://www.yourdomain.com/special.tpl >> >>now try it like this >> >>http://www.yourdomain.com/special.tpl::$DATA >> >>All source code is revealed, even the special webdna data, >> >>this applies to all special CGI's running on IIS like ASP and Pearl. Try it. >>Hit your favorite microsoft server and add the url ::$DATA and you will see >>the special source code. >> >>Look here, this page is running Microsofts ASP and you can read it all. >> >>heheheh Pretty cool >> >>http://backoffice.microsoft.com/downtrial/default.asp::$DATA >> >>bummer is it also works on .tpl and the rest as well, I don't know about the >>encrypted pages available with 3.0 but I would be interested in hearing from >>others. >> >>Robert Minor >>Cybermill Communications >> > >Webmaster >Mind Information Systems > > >http://www.mindinfo.com > Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[WebDNA] HTML [sendmail] revisited (2009) Generating Report Totals (1997) forms and variables (1998) Frames and WebCat (1997) Caching [include] files ... (1997) Shed some light on web delivery? (2000) How to Ignore Your Best Customers (2003) Help!!!! (1997) [BULK] [WebDNA] Authorize.net SIM, Server Integration (2011) WebCatalog Plug-in for Webstar. (1997) New WebCatalog site! (1997) problems with 2 tags shakur (1997) Summing Fields (1998) Advice (2003) WebCat2b13MacPlugIn - [include] (1997) WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997) [WebDNA] Domain upgrade questions (2009) New Command prefs ... (1997) moved shoppingCarts folder... now there's nothing in it. (2001) WebCat with WebTen (1998)