Re: Major Security Hole IIS NT
This WebDNA talk-list message is from 1998
It keeps the original formatting.
Associated Messages, from the most recent to the oldest:
Another workaround is to create a file that has the search code in it and use the include tag. That way all they will see is the tag.

At 11:13 AM 7/2/98, you wrote:
>IIS reveals all special CGI Code
>
>Think no one can read your contextual searches, think again.
>
>Hit your webpage on an IIS server
>
>like http://www.yourdomain.com/special.tpl
>
>now try it like this
>
>http://www.yourdomain.com/special.tpl::$DATA
>
>All source code is revealed, even the special webdna data,
>
>this applies to all special CGI's running on IIS like ASP and Perl. Try it.
>Hit your favorite microsoft server and add the url ::$DATA and you will see
>the special source code.
>
>Look here, this page is running Microsoft's ASP and you can read it all.
>
>heheheh Pretty cool
>
>http://backoffice.microsoft.com/downtrial/default.asp::$DATA
>
>bummer is it also works on .tpl and the rest as well, I don't know about the
>encrypted pages available with 3.0 but I would be interested in hearing from
>others.
>
>Robert Minor
>Cybermill Communications
>
greg
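
For administrators who want to check their access logs for the `::$DATA` request pattern described in this thread, here is a small detector, added as an example and not part of the original messages or of WebDNA. The log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified layout (not from a real server):
# client-ip method uri status
SAMPLE_LOG = """\
192.0.2.10 GET /special.tpl 200
192.0.2.11 GET /special.tpl::$DATA 200
192.0.2.12 GET /default.asp%3A%3A%24data 200
192.0.2.13 GET /search.tpl%253a%253a%2524DATA?q=x 404
192.0.2.14 GET /docs/a::b.html 200
"""

# The stream suffix from the thread, matched case-insensitively at the end of the path.
STREAM_SUFFIX = re.compile(r"::\$data$", re.IGNORECASE)


def decode_fully(path, max_rounds=5):
    """Percent-decode repeatedly so encoded and double-encoded forms are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_stream_requests(log_text):
    """Return one record per request whose path ends in ::$DATA after decoding."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, uri, status = parts
        path = decode_fully(uri.split("?", 1)[0])  # ignore the query string
        if STREAM_SUFFIX.search(path):
            # "served" marks requests the server answered with 200, i.e. ones
            # where source may actually have been returned and needs review.
            hits.append({"ip": ip, "path": path, "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_stream_requests(SAMPLE_LOG):
        print(hit)
```

Requests flagged with `served` set are the ones to follow up on, since any credentials or database paths embedded in the returned template should be treated as exposed.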