Security Basics mailing list archives
Re: ASP security in HTML pages
From: Mike <mike () superiorholidayadventures ca>
Date: Wed, 23 Jun 2004 08:34:15 -0400
There is an old vulnerability listed here (IIS1-4 on NT): http://xforce.iss.net/xforce/xfdb/1125 Also an article on IIS5 here (from 2000): http://archive.infoworld.com/articles/op/xml/00/10/30/001030opswatch.xml I have not been able to find anything more recent than that on Google. Mike Fetherston PS> This query returned the most relevant results: http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=iis+vulnerability+reveal+asp+source&btnG=Search On Tue, 2004-06-22 at 07:42, Bénoni MARTIN wrote:
Hi list, I have been googling around to know how secure can be ASP code, and I found what follows: - For a newbee, impossible to get the asp scripts inserted in an HTML page as they are not displayed in the client's browser, - Instead of just letting the ASP code in the HTML pages, we can create some DLLs for example, but a not-to-bad skilled hacker can get and reverse them. So, my question to you, skilled-people :) is: is there a way to get the asp scripts in a page the server does not send when a client's request arrives? There should be a way to ^perform that, but how tough is it? Thanks in advance, folks! --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- ASP security in HTML pages Bénoni MARTIN (Jun 22)
- Re: ASP security in HTML pages Lucas Holt (Jun 23)
- Re: ASP security in HTML pages Nasir Ghaznavi (Jun 23)
- Re: ASP security in HTML pages Mike (Jun 23)
- <Possible follow-ups>
- RE: ASP security in HTML pages Wolf, Yonah (Jun 23)
- RE: ASP security in HTML pages Scovetta, Michael V (Jun 23)
- RE: ASP security in HTML pages Auri Rahimzadeh (Jun 25)
- Re: ASP security in HTML pages Matt Fisher (Jun 25)
- RE: ASP security in HTML pages Auri Rahimzadeh (Jun 25)
- RE: ASP security in HTML pages Bénoni MARTIN (Jun 24)
- RE: ASP security in HTML pages Harrison Gladden (Jun 25)
- RE: ASP security in HTML pages Steve McCullough (Jun 25)
- RE: ASP security in HTML pages Dinis Cruz (Jun 29)
- RE: ASP security in HTML pages Harrison Gladden (Jun 25)
- RE: ASP security in HTML pages Scovetta, Michael V (Jun 28)
- RE: ASP security in HTML pages Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Jun 28)