Major Security Hole
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18813
interpreted = N
texte = Major Security Hole

Earlier this month, Mac Webmasters got a chuckle at the security hole exposed in IIS using that text ::$DATA at the end of a url for .tpl or .asp, etc.

Cool. It reveals the code that we all thought was hidden because it was processed on the server. The fix was to map .tpl::$DATA to the webcat .dll. Simple enough. It works.

BUT Macs are susceptible to this as well! And you can't, or at least I couldn't, map .tmpl::$DATA to webcatalog. It still reveals the WebDNA tags. NOT good if you are showing and hiding text based on passwords like [showif [password]=3294.bob]. Now it becomes simple to find the once hidden passwords.

Anybody got any ideas? Anyone know why I can't map .tmpl::$DATA to Webcatalog on Webstar? Maybe the $ is the problem.

Thanks, Paul

Paul Uttermohlen, Internet Marketspace, Inc.
mailto:paul@ims1.com - Website Development
Business - Real Estate - Websites - Children
Associated Messages, from the most recent to the oldest:
Major Security Hole
Paul Uttermohlen
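The suffix-mapping problem described in the message above, as an added example that is not part of the original post or of WebDNA: a dispatcher that picks a handler purely by file suffix serves `page.tpl::$DATA` as a static file, while one that decodes the path and refuses stream-style names before mapping does not. The handler table, function names and sample paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical suffix-to-handler table, modelled on the mappings in the message.
HANDLERS = {
    ".tpl": "template-engine",
    ".tmpl": "template-engine",
    ".asp": "script-engine",
}


def naive_dispatch(url_path):
    """Suffix mapping only: any unmapped suffix is served as a static file."""
    ext = posixpath.splitext(url_path)[1].lower()
    return HANDLERS.get(ext, "static-file")


def hardened_dispatch(url_path):
    """Decode the path, refuse stream-style names, then map the suffix."""
    decoded = url_path
    for _ in range(3):  # undo nested encoding such as %253A -> %3A -> ":"
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return "reject"  # still changing after three passes: refuse
    # url_path is the path only (no scheme or host), so a colon can only be
    # part of a file name; "::$DATA" and any other stream suffix is refused.
    if ":" in decoded or "\x00" in decoded:
        return "reject"
    return naive_dispatch(decoded)


# Constructed sample requests.
SAMPLES = [
    "/store/page.tpl",
    "/store/page.tpl::$DATA",
    "/store/page.tmpl%3A%3A$DATA",
    "/store/page.tmpl%253A%253A$data",
    "/images/logo.gif",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path:34} naive={naive_dispatch(path):16} "
              f"hardened={hardened_dispatch(path)}")
```

Refusing the request before suffix mapping does not depend on the server accepting a mapping for `.tmpl::$DATA`, which is the step the message reports failing.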