RE: Major Security Hole IIS NT

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 18622
interpreted = N
texte = For now you can turn off 'read' access and only allow 'execute' on the directories with scripts. .html pages won't be served though.Aloha, Olin> -----Original Message----- > From: Bob Minor [mailto:bob@cybermill.com] > Sent: Thursday, July 02, 1998 6:14 AM > To: WebDNA-Talk@smithmicro.com > Cc: jeff@cybermill.com > Subject: Major Security Hole IIS NT > > > IIS reveals all special CGI Code > > Think no one can read your contextual searches, think again. > > Hit your webpage on an IIS server > > like http://www.yourdomain.com/special.tpl > > now try it like this > > http://www.yourdomain.com/special.tpl::$DATA > > All source code is revealed, even the special webdna data, > > this applies to all special CGI's running on IIS like ASP and > Pearl. Try it. > Hit your favorite microsoft server and add the url ::$DATA and > you will see > the special source code. > > Look here, this page is running Microsofts ASP and you can read it all. > > heheheh Pretty cool > > http://backoffice.microsoft.com/downtrial/default.asp::$DATA > > bummer is it also works on .tpl and the rest as well, I don't > know about the > encrypted pages available with 3.0 but I would be interested in > hearing from > others. > > Robert Minor > Cybermill Communications > > > Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole IIS NT (Bob Minor 1998)
  2. Re: Major Security Hole IIS NT (greg 1998)
  3. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  4. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  5. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  6. RE: Major Security Hole IIS NT (Olin 1998)
  7. Re: Major Security Hole IIS NT (Bob Minor 1998)
  8. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  9. Re: Major Security Hole IIS NT (Bob Minor 1998)
  10. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  11. Re: Major Security Hole IIS NT (Bob Minor 1998)
  12. Re: Major Security Hole IIS NT (Bob Minor 1998)
  13. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  14. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  15. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  16. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  17. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  18. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  19. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
For now you can turn off 'read' access and only allow 'execute' on the directories with scripts. .html pages won't be served though.Aloha, Olin> -----Original Message----- > From: Bob Minor [mailto:bob@cybermill.com] > Sent: Thursday, July 02, 1998 6:14 AM > To: WebDNA-Talk@smithmicro.com > Cc: jeff@cybermill.com > Subject: Major Security Hole IIS NT > > > IIS reveals all special CGI Code > > Think no one can read your contextual searches, think again. > > Hit your webpage on an IIS server > > like http://www.yourdomain.com/special.tpl > > now try it like this > > http://www.yourdomain.com/special.tpl::$DATA > > All source code is revealed, even the special webdna data, > > this applies to all special CGI's running on IIS like ASP and > Pearl. Try it. > Hit your favorite microsoft server and add the url ::$DATA and > you will see > the special source code. > > Look here, this page is running Microsofts ASP and you can read it all. > > heheheh Pretty cool > > http://backoffice.microsoft.com/downtrial/default.asp::$DATA > > bummer is it also works on .tpl and the rest as well, I don't > know about the > encrypted pages available with 3.0 but I would be interested in > hearing from > others. > > Robert Minor > Cybermill Communications > > > Olin

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997) How to Display text in empty fields (1997) Emailer on NT not working. (1999) PCS Emailer's role ? (1997) [WebDNA] [table] and COMMA in a Field (2015) Two prices in shoppingcart? (1997) ssl/empty cart problem (2003) multi-paragraph fields (1997) Anyone here care to chime in? (2005) [format] minus figures (2003) Interfacing WebMerchant to www.fedex.com (1997) Webten + Webcat running smooth (1998) Thanks Grant (1997) Emailer setup (1997) WebCat2.0 [format thousands .0f] no go (1997) European dates (1998) denying access to a banned username (2002) Not really WebCat (1997) refresh (2000) Sense/Disallow HTML tags during $Append (1997)