Re: Major Security Hole IIS NT

This WebDNA talk-list message is from

1998

It keeps the original formatting. numero = 18605
interpreted = N
texte = great idea but unfortunately the include tag will point to the filelocation that they can go to and look at it there.RayAt 04:04 PM 7/2/98, you wrote:>Another work around is to creat a file that has the search code it it and>use the include tad. That way all they will see is the tag.>>>>At 11:13 AM 7/2/98, you wrote:>>IIS reveals all special CGI Code>>>>Think no one can read your contextual searches, think again.>>>>Hit your webpage on an IIS server>>>>like http://www.yourdomain.com/special.tpl>>>>now try it like this>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>All source code is revealed, even the special webdna data,>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Try it.>>Hit your favorite microsoft server and add the url ::$DATA and you will see>>the special source code.>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>heheheh Pretty cool>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>bummer is it also works on .tpl and the rest as well, I don't know about the>>encrypted pages available with 3.0 but I would be interested in hearing from>>others.>>>>Robert Minor>>Cybermill Communications>> > WebmasterMind Information Systemshttp://www.mindinfo.com Associated Messages, from the most recent to the oldest:

Re: Major Security Hole IIS NT (Bob Minor 1998)
Re: Major Security Hole IIS NT (greg 1998)
Re: Major Security Hole IIS NT (Kenneth Grome 1998)
Re: Major Security Hole IIS NT (Kenneth Grome 1998)
RE: Major Security Hole IIS NT (PCS Technical Support 1998)
RE: Major Security Hole IIS NT (Olin 1998)
Re: Major Security Hole IIS NT (Bob Minor 1998)
Re: Major Security Hole IIS NT (PCS Technical Support 1998)
Re: Major Security Hole IIS NT (Bob Minor 1998)
Re: Major Security Hole IIS NT (Peter Ostry 1998)
Re: Major Security Hole IIS NT (Bob Minor 1998)
Re: Major Security Hole IIS NT (Bob Minor 1998)
Major Security Hole IIS NT (Bob Minor 1998)
Re: Major Security Hole IIS NT (Raymond Hatch 1998)
Re: Major Security Hole IIS NT (Raymond Hatch 1998)
Re: Major Security Hole IIS NT (Chuck Wall 1998)
Re: Major Security Hole IIS NT (Raymond Hatch 1998)
Re: Major Security Hole IIS NT (Raymond Hatch 1998)
Re: Major Security Hole IIS NT (Raymond Hatch 1998)
Re: Major Security Hole IIS NT (Raymond Hatch 1998)

great idea but unfortunately the include tag will point to the filelocation that they can go to and look at it there.RayAt 04:04 PM 7/2/98, you wrote:>Another work around is to creat a file that has the search code it it and>use the include tad. That way all they will see is the tag.>>>>At 11:13 AM 7/2/98, you wrote:>>IIS reveals all special CGI Code>>>>Think no one can read your contextual searches, think again.>>>>Hit your webpage on an IIS server>>>>like http://www.yourdomain.com/special.tpl>>>>now try it like this>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>All source code is revealed, even the special webdna data,>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Try it.>>Hit your favorite microsoft server and add the url ::$DATA and you will see>>the special source code.>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>heheheh Pretty cool>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>bummer is it also works on .tpl and the rest as well, I don't know about the>>encrypted pages available with 3.0 but I would be interested in hearing from>>others.>>>>Robert Minor>>Cybermill Communications>> > WebmasterMind Information Systemshttp://www.mindinfo.com Raymond Hatch

DOWNLOAD WEBDNA NOW!

Re: Major Security Hole IIS NT

1998

Top Articles:

Related Readings: