Re: Major Security Hole IIS NT
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18615
interpreted = N
texte = I would really like to see this port. It would get me on a more secure andflexible platform.-----Original Message-----From: Raymond Hatch
To: WebDNA-Talk@smithmicro.com Date: Thursday, July 02, 1998 1:02 PMSubject: Re: Major Security Hole IIS NT>Holy Crap...........quick PCS, release that unix port!!!>>At 11:13 AM 7/2/98, you wrote:>>IIS reveals all special CGI Code>>>>Think no one can read your contextual searches, think again.>>>>Hit your webpage on an IIS server>>>>like http://www.yourdomain.com/special.tpl>>>>now try it like this>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>All source code is revealed, even the special webdna data,>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Tryit.>>Hit your favorite microsoft server and add the url ::$DATA and you willsee>>the special source code.>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>heheheh Pretty cool>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>bummer is it also works on .tpl and the rest as well, I don't know aboutthe>>encrypted pages available with 3.0 but I would be interested in hearingfrom>>others.>>>>Robert Minor>>Cybermill Communications>>>>Webmaster>Mind Information Systems>>>http://www.mindinfo.com>
Associated Messages, from the most recent to the oldest:
I would really like to see this port. It would get me on a more secure andflexible platform.-----Original Message-----From: Raymond Hatch To: WebDNA-Talk@smithmicro.com Date: Thursday, July 02, 1998 1:02 PMSubject: Re: Major Security Hole IIS NT>Holy Crap...........quick PCS, release that unix port!!!>>At 11:13 AM 7/2/98, you wrote:>>IIS reveals all special CGI Code>>>>Think no one can read your contextual searches, think again.>>>>Hit your webpage on an IIS server>>>>like http://www.yourdomain.com/special.tpl>>>>now try it like this>>>>http://www.yourdomain.com/special.tpl::$DATA>>>>All source code is revealed, even the special webdna data,>>>>this applies to all special CGI's running on IIS like ASP and Pearl. Tryit.>>Hit your favorite microsoft server and add the url ::$DATA and you willsee>>the special source code.>>>>Look here, this page is running Microsofts ASP and you can read it all.>>>>heheheh Pretty cool>>>>http://backoffice.microsoft.com/downtrial/default.asp::$DATA>>>>bummer is it also works on .tpl and the rest as well, I don't know aboutthe>>encrypted pages available with 3.0 but I would be interested in hearingfrom>>others.>>>>Robert Minor>>Cybermill Communications>>>>Webmaster>Mind Information Systems>>>http://www.mindinfo.com>
Bob Minor
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] Ubuntu 16.04 LTS & WebDNA (2017)
autocommit problem (1998)
Re[2]: date (1999)
Snake Bites (1997)
[WebDNA] Intranet site request (2010)
[WebDNA] random blank results? how come? (2014)
RE: Emailer Set Up (1997)
international time (1997)
Error Lob.db records error message not name (1997)
sort problems....bug or brain fart? (1997)
mail test (1997)
Single Link browsing (1997)
Force leading zeros (1998)
Online reference (1997)
Problems getting parameters passed into email. (1997)
Wrong person (1998)
Grep Question (2003)
WebDNA FAQ or FAQs -- was "weird problem" (2004)
[OT] Communigate List (2003)
[shownext] stumps me every 3-4 months !@%*#! (2000)