Re: Major Security Hole IIS NT
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18600
interpreted = N
texte = NT BUG Tracker say's Microsoft to have release patch on site today. Watchwww.microsoft.com/security RayAt 12:04 PM 7/2/98, you wrote:>I would really like to see this port. It would get me on a more secure and>flexible platform.>>>-----Original Message----->From: Raymond Hatch
>To: WebDNA-Talk@smithmicro.com >Date: Thursday, July 02, 1998 1:02 PM>Subject: Re: Major Security Hole IIS NT>>>>Holy Crap...........quick PCS, release that unix port!!!>>>>At 11:13 AM 7/2/98, you wrote:>>>IIS reveals all special CGI Code>>>>>>Think no one can read your contextual searches, think again.>>>>>>Hit your webpage on an IIS server>>>>>>like http://www.yourdomain.com/special.tpl>>>>>>now try it like this>>>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>>>All source code is revealed, even the special webdna data,>>>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Try>it.>>>Hit your favorite microsoft server and add the url ::$DATA and you will>see>>>the special source code.>>>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>>>heheheh Pretty cool>>>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>>>bummer is it also works on .tpl and the rest as well, I don't know about>the>>>encrypted pages available with 3.0 but I would be interested in hearing>from>>>others.>>>>>>Robert Minor>>>Cybermill Communications>>>>>>>Webmaster>>Mind Information Systems>>>>>>http://www.mindinfo.com>>> WebmasterMind Information Systemshttp://www.mindinfo.com
Associated Messages, from the most recent to the oldest:
NT BUG Tracker say's Microsoft to have release patch on site today. Watchwww.microsoft.com/security RayAt 12:04 PM 7/2/98, you wrote:>I would really like to see this port. It would get me on a more secure and>flexible platform.>>>-----Original Message----->From: Raymond Hatch >To: WebDNA-Talk@smithmicro.com >Date: Thursday, July 02, 1998 1:02 PM>Subject: Re: Major Security Hole IIS NT>>>>Holy Crap...........quick PCS, release that unix port!!!>>>>At 11:13 AM 7/2/98, you wrote:>>>IIS reveals all special CGI Code>>>>>>Think no one can read your contextual searches, think again.>>>>>>Hit your webpage on an IIS server>>>>>>like http://www.yourdomain.com/special.tpl>>>>>>now try it like this>>>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>>>All source code is revealed, even the special webdna data,>>>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Try>it.>>>Hit your favorite microsoft server and add the url ::$DATA and you will>see>>>the special source code.>>>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>>>heheheh Pretty cool>>>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>>>bummer is it also works on .tpl and the rest as well, I don't know about>the>>>encrypted pages available with 3.0 but I would be interested in hearing>from>>>others.>>>>>>Robert Minor>>>Cybermill Communications>>>>>>>Webmaster>>Mind Information Systems>>>>>>http://www.mindinfo.com>>> WebmasterMind Information Systemshttp://www.mindinfo.com
Raymond Hatch
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Getting total number of items ordered (1997)
Emailer port change (1997)
SSL, WebSTAR, WebCatalog (1998)
Webcat2, WebCommerce, Mod 10 etc. (1997)
Error -108 (1997)
MacActivity and PCS (1997)
[WebDNA] COMMITDATABASE in linux unix 64bits FastCGI version 8.6 (2020)
read and write you own cookies with webcat (1997)
error -108 (1997)
calculating tax rates, mail order solutions and version 2 (1997)
Search problems! (1999)
WebDelivery: One step closer !! (1997)
Problem with CC problem ? (1997)
Searching multiple Databases (1997)
formula's (1998)
hmmm (2006)
[FoundItems] solved - thanks (1997)
[WebDNA] [OT] BBEdit Glossary (2012)
Shopping problems with 2.1b3 acgi (1997)
Database Connectivity (1999)