RE: Major Security Hole IIS NT
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18622
interpreted = N
texte = For now you can turn off 'read' access and only allow 'execute' on the
directories with scripts. .html pages won't be served though.

Aloha, Olin

> -----Original Message-----
> From: Bob Minor [mailto:bob@cybermill.com]
> Sent: Thursday, July 02, 1998 6:14 AM
> To: WebDNA-Talk@smithmicro.com
> Cc: jeff@cybermill.com
> Subject: Major Security Hole IIS NT
>
> IIS reveals all special CGI Code
>
> Think no one can read your contextual searches, think again.
>
> Hit your webpage on an IIS server
>
> like http://www.yourdomain.com/special.tpl
>
> now try it like this
>
> http://www.yourdomain.com/special.tpl::$DATA
>
> All source code is revealed, even the special webdna data,
>
> this applies to all special CGI's running on IIS like ASP and
> Perl. Try it.
> Hit your favorite microsoft server and add the url ::$DATA and
> you will see the special source code.
>
> Look here, this page is running Microsoft's ASP and you can read it all.
>
> heheheh Pretty cool
>
> http://backoffice.microsoft.com/downtrial/default.asp::$DATA
>
> bummer is it also works on .tpl and the rest as well, I don't
> know about the encrypted pages available with 3.0 but I would be
> interested in hearing from others.
>
> Robert Minor
> Cybermill Communications
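
A defender-side check for the request pattern discussed in this thread, as an added example that is not part of the original messages: it scans W3C extended-format access log lines for URIs that carry an NTFS stream suffix such as `::$DATA`, including percent-encoded forms. The log layout, the field order and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# A path addressed through an NTFS stream suffix, e.g. "default.asp::$DATA".
STREAM_RE = re.compile(r"::\$[a-z_]+", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %3A%3A%24DATA and %253A... forms are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_stream_requests(log_lines):
    """Return (client_ip, decoded_uri, status) for requests naming an NTFS stream."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue                       # skip comments and rows with no known layout
        row = dict(zip(fields, line.split()))
        uri = fully_decode(row.get("cs-uri-stem", ""))
        if STREAM_RE.search(uri):
            hits.append((row.get("c-ip", "-"), uri, row.get("sc-status", "-")))
    return hits

# Constructed sample log (not from the original post); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1998-07-02 06:20:01 192.0.2.10 GET /special.tpl 200
1998-07-02 06:20:09 192.0.2.10 GET /special.tpl::$DATA 200
1998-07-02 06:21:30 198.51.100.7 GET /default.asp%3A%3A%24data 200
1998-07-02 06:22:02 198.51.100.7 GET /index.html 200
1998-07-02 06:23:44 203.0.113.5 GET /cart.tpl%253A%253A%2524DATA 404
""".splitlines()

if __name__ == "__main__":
    for ip, uri, status in find_stream_requests(SAMPLE_LOG):
        print(f"{ip} requested {uri} -> {status}")
```

A 200 status on a flagged line means the server answered the stream-suffixed request and the script's source should be treated as disclosed; a 404 or 403 shows the request was refused.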