Re: Major Security Hole IIS NT

This WebDNA talk-list message is from 1998. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole IIS NT (Bob Minor 1998)
  2. Re: Major Security Hole IIS NT (greg 1998)
  3. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  4. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  5. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  6. RE: Major Security Hole IIS NT (Olin 1998)
  7. Re: Major Security Hole IIS NT (Bob Minor 1998)
  8. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  9. Re: Major Security Hole IIS NT (Bob Minor 1998)
  10. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  11. Re: Major Security Hole IIS NT (Bob Minor 1998)
  12. Re: Major Security Hole IIS NT (Bob Minor 1998)
  13. Major Security Hole IIS NT (Bob Minor 1998)
  14. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  15. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  16. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  17. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  18. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  19. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  20. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
Another workaround is to create a file that has the search code in it and use the include tag. That way all they will see is the tag.

At 11:13 AM 7/2/98, you wrote:

>IIS reveals all special CGI Code
>
>Think no one can read your contextual searches, think again.
>
>Hit your webpage on an IIS server
>
>like http://www.yourdomain.com/special.tpl
>
>now try it like this
>
>http://www.yourdomain.com/special.tpl::$DATA
>
>All source code is revealed, even the special webdna data,
>
>this applies to all special CGI's running on IIS like ASP and Perl. Try it.
>Hit your favorite Microsoft server and add the url ::$DATA and you will see
>the special source code.
>
>Look here, this page is running Microsoft's ASP and you can read it all.
>
>heheheh Pretty cool
>
>http://backoffice.microsoft.com/downtrial/default.asp::$DATA
>
>bummer is it also works on .tpl and the rest as well, I don't know about the
>encrypted pages available with 3.0 but I would be interested in hearing from
>others.
>
>Robert Minor
>Cybermill Communications
>

greg
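For administrators who want to know whether their own server has received requests of the kind described in this thread, the following is an added example (not part of the original messages and not WebDNA or Microsoft code) that scans a W3C extended format access log for request paths carrying an NTFS stream suffix such as `::$DATA`, including percent-encoded forms. The log lines and addresses are constructed samples, the field names `c-ip`, `cs-uri-stem` and `sc-status` are assumed to be present in the `#Fields:` header, and treating a 200 status as "source was probably served" is an assumption.

```python
import re
from urllib.parse import unquote

# NTFS stream suffix on a path segment: "file::$DATA" or "file:name:$DATA".
STREAM_RE = re.compile(r":[^/\\:]*:\$data", re.IGNORECASE)

def fully_decode(path, max_rounds=3):
    """Undo percent-encoding, repeating to catch double-encoded input."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_stream_requests(log_lines):
    """Return (client_ip, decoded_path, status, served) for each matching request."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = fully_decode(row.get("cs-uri-stem", ""))
        if STREAM_RE.search(path):
            raw = row.get("sc-status", "")
            status = int(raw) if raw.isdigit() else 0
            # Assumption: a 200 response means the file content was returned.
            hits.append((row.get("c-ip", "-"), path, status, status == 200))
    return hits

# Constructed sample log (W3C extended format), not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1998-07-02 11:13:02 192.0.2.10 GET /special.tpl 200
1998-07-02 11:13:09 192.0.2.10 GET /special.tpl::$DATA 200
1998-07-02 11:14:30 192.0.2.44 GET /default.asp%3A%3A%24data 404
1998-07-02 11:15:01 192.0.2.44 GET /shop/search.tpl%253A%253A%2524DATA 200
1998-07-02 11:16:12 192.0.2.77 GET /images/logo.gif 200
""".splitlines()

if __name__ == "__main__":
    for ip, path, status, served in find_stream_requests(SAMPLE_LOG):
        note = "SOURCE LIKELY SERVED" if served else "not served"
        print(f"{ip} {path} {status} {note}")
```

Any hit marked as served points at a template whose source, including embedded database names or search logic, should be treated as disclosed.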
