Bugtraq mailing list archives

More potential ASP problems

From: f.c.w.donck () SIEP SHELL COM (Fred Donck)
Date: Fri, 3 Jul 1998 14:04:09 +0200


All,

Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my
colleques pointed me to some more exploit which may be just as bad. I
haven't seen any mention of it yet to both the lists

Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
there may also a http://www.domain.com/global.asa which may contain session
variables and user-id/password combinations for entering databases and the
like.

If not patched this is also subject to the vulnerabilities.

my $0.02,
Fred
--
-------------------- My opinions are my own ----------------------------
 Fred Donck                  | E-mail: f.c.w.donck () siep shell com (work)
 Technical Consultant        |         fred () donck com,
 Voice/Fax : +31-70-3112374  |         fred () realit com     (private)
--- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----

Current thread:

More potential ASP problems Fred Donck (Jul 03)
- Re: More potential ASP problems Paul Ashton (Jul 06)
- <Possible follow-ups>
- Re: More potential ASP problems Michael Howard (Jul 06)