Re: Major Security Hole
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18817
doesn't work on my box.

-----Original Message-----
From: Paul Uttermohlen
To: WebDNA-Talk@smithmicro.com
Date: Monday, July 13, 1998 1:15 PM
Subject: Major Security Hole

>Major Security Hole,
>
>Earlier this month, Mac Webmasters got a chuckle at the security hole
>exposed in IIS using that text ::$DATA at the end of a url for .tpl or
>.asp, etc.
>
>Cool. It reveals the code that we all thought was hidden because it was
>processed on the server. The fix was to map .tpl::$DATA to the webcat .dll.
>Simple enough. It works.
>
>BUT Macs are susceptible to this as well! And you can't, or at least I
>couldn't, map .tmpl::$DATA to webcatalog. It still reveals the WebDNA tags.
>NOT good if you are showing and hiding text based on passwords like [showif
>[password]=3294.bob]. Now it becomes simple to find the once hidden
>passwords.
>
>Anybody got any ideas?
>
>Anyone know why I can't map .tmpl::$DATA to Webcatalog on Webstar? Maybe
>the $ is the problem.
>
>Thanks, Paul
>
>
> _/_/_/_/_/_/_/_/_/_/_/_/|\_\_\_\_\_\_\_\_\_\_\_\_
> _/_/_/Paul Uttermohlen, Internet Marketspace, Inc. \_\_\_\_
> _/_/_/ mailto:paul@ims1.com - Website Development \_\_\_\_
> _/_/_/ Business - _\_\_\_\_\_\_\_\_\_\_
> _/_/_/ Real Estate - _\_\_\_\_
> _/_/_/Websites - Children _/ _\_\_\_
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/ | \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Bob Minor
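
Added example, not part of the original messages: a log check for the requests described in the quoted post, a template URL ending in ::$DATA, including percent-encoded spellings of the suffix. The log format, the sample lines and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Extensions the thread mentions as server-processed templates.
TEMPLATE_EXTS = (".tpl", ".tmpl", ".asp")
STREAM_SUFFIX = re.compile(r"::\$data$", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(path):
    """Drop the query string and percent-decode until the path stops changing."""
    path = path.split("?", 1)[0]
    for _ in range(3):  # bounded, to cope with double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_stream_request(path):
    """True when the path asks for a template through the ::$DATA suffix."""
    p = normalise(path)
    if not STREAM_SUFFIX.search(p):
        return False
    base = p[: -len("::$DATA")].lower()
    return base.endswith(TEMPLATE_EXTS)

def scan(log_lines):
    """Return (path, status) per matching request; a 200 means source was likely served."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and is_stream_request(m.group(1)):
            hits.append((normalise(m.group(1)), int(m.group(2))))
    return hits

# Constructed sample log lines (common log format), not taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [13/Jul/1998:13:20:01 -0500] "GET /store/login.tmpl HTTP/1.0" 200 2311',
    '192.0.2.44 - - [13/Jul/1998:13:21:17 -0500] "GET /store/login.tmpl::$DATA HTTP/1.0" 200 4120',
    '192.0.2.44 - - [13/Jul/1998:13:21:40 -0500] "GET /admin/orders.tpl%3A%3A%24data?x=1 HTTP/1.0" 404 0',
    '192.0.2.51 - - [13/Jul/1998:13:25:02 -0500] "GET /docs/notes::$DATA.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for path, status in scan(SAMPLE):
        print(status, path)
```

Any hit answered with a 200 is a template whose source, including values such as the [showif [password]=...] comparison quoted above, should be treated as disclosed and changed.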