Re: Major Security Hole IIS NT

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 18600
interpreted = N
texte = NT BUG Tracker say's Microsoft to have release patch on site today. Watch www.microsoft.com/security RayAt 12:04 PM 7/2/98, you wrote: >I would really like to see this port. It would get me on a more secure and >flexible platform. > > >-----Original Message----- >From: Raymond Hatch >To: WebDNA-Talk@smithmicro.com >Date: Thursday, July 02, 1998 1:02 PM >Subject: Re: Major Security Hole IIS NT > > >>Holy Crap...........quick PCS, release that unix port!!! >> >>At 11:13 AM 7/2/98, you wrote: >>>IIS reveals all special CGI Code >>> >>>Think no one can read your contextual searches, think again. >>> >>>Hit your webpage on an IIS server >>> >>>like http://www.yourdomain.com/special.tpl >>> >>>now try it like this >>> >>>http://www.yourdomain.com/special.tpl::$DATA >>> >>>All source code is revealed, even the special webdna data, >>> >>>this applies to all special CGI's running on IIS like ASP and Pearl. Try >it. >>>Hit your favorite microsoft server and add the url ::$DATA and you will >see >>>the special source code. >>> >>>Look here, this page is running Microsofts ASP and you can read it all. >>> >>>heheheh Pretty cool >>> >>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA >>> >>>bummer is it also works on .tpl and the rest as well, I don't know about >the >>>encrypted pages available with 3.0 but I would be interested in hearing >from >>>others. >>> >>>Robert Minor >>>Cybermill Communications >>> >> >>Webmaster >>Mind Information Systems >> >> >>http://www.mindinfo.com >> > Webmaster Mind Information Systems http://www.mindinfo.com Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole IIS NT (Bob Minor 1998)
  2. Re: Major Security Hole IIS NT (greg 1998)
  3. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  4. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  5. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  6. RE: Major Security Hole IIS NT (Olin 1998)
  7. Re: Major Security Hole IIS NT (Bob Minor 1998)
  8. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  9. Re: Major Security Hole IIS NT (Bob Minor 1998)
  10. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  11. Re: Major Security Hole IIS NT (Bob Minor 1998)
  12. Re: Major Security Hole IIS NT (Bob Minor 1998)
  13. Major Security Hole IIS NT (Bob Minor 1998)
  14. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  15. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  16. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  17. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  18. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  19. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  20. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
NT BUG Tracker say's Microsoft to have release patch on site today. Watch www.microsoft.com/security RayAt 12:04 PM 7/2/98, you wrote: >I would really like to see this port. It would get me on a more secure and >flexible platform. > > >-----Original Message----- >From: Raymond Hatch >To: WebDNA-Talk@smithmicro.com >Date: Thursday, July 02, 1998 1:02 PM >Subject: Re: Major Security Hole IIS NT > > >>Holy Crap...........quick PCS, release that unix port!!! >> >>At 11:13 AM 7/2/98, you wrote: >>>IIS reveals all special CGI Code >>> >>>Think no one can read your contextual searches, think again. >>> >>>Hit your webpage on an IIS server >>> >>>like http://www.yourdomain.com/special.tpl >>> >>>now try it like this >>> >>>http://www.yourdomain.com/special.tpl::$DATA >>> >>>All source code is revealed, even the special webdna data, >>> >>>this applies to all special CGI's running on IIS like ASP and Pearl. Try >it. >>>Hit your favorite microsoft server and add the url ::$DATA and you will >see >>>the special source code. >>> >>>Look here, this page is running Microsofts ASP and you can read it all. >>> >>>heheheh Pretty cool >>> >>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA >>> >>>bummer is it also works on .tpl and the rest as well, I don't know about >the >>>encrypted pages available with 3.0 but I would be interested in hearing >from >>>others. >>> >>>Robert Minor >>>Cybermill Communications >>> >> >>Webmaster >>Mind Information Systems >> >> >>http://www.mindinfo.com >> > Webmaster Mind Information Systems http://www.mindinfo.com Raymond Hatch

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Getting total number of items ordered (1997) Emailer port change (1997) SSL, WebSTAR, WebCatalog (1998) Webcat2, WebCommerce, Mod 10 etc. (1997) Error -108 (1997) MacActivity and PCS (1997) [WebDNA] COMMITDATABASE in linux unix 64bits FastCGI version 8.6 (2020) read and write you own cookies with webcat (1997) error -108 (1997) calculating tax rates, mail order solutions and version 2 (1997) Search problems! (1999) WebDelivery: One step closer !! (1997) Problem with CC problem ? (1997) Searching multiple Databases (1997) formula's (1998) hmmm (2006) [FoundItems] solved - thanks (1997) [WebDNA] [OT] BBEdit Glossary (2012) Shopping problems with 2.1b3 acgi (1997) Database Connectivity (1999)