Bugtraq mailing list archives
Re: More potential ASP problems
From: paul () ARGO DEMON CO UK (Paul Ashton)
Date: Mon, 6 Jul 1998 23:58:11 +0200
f.c.w.donck () SIEP SHELL COM said:
Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications there may also a http://www.domain.com/global.asa which may contain session variables and user-id/password combinations for entering databases and the like.
microsoft did list .asa files as one of several that needed to be protected. I've also downloaded .dll, .exe, and .cfm files. I'm sure there are many others. It is nothing to do with ASP applications, just the fact that content handlers don't understand the type of any particular file which doesn't have the correct .XXX extension. http://www.scripting.com has some amusing anecdotes of credit card database passwords and a frequent flier database password being recovered. Paul
Current thread:
- More potential ASP problems Fred Donck (Jul 03)
- Re: More potential ASP problems Paul Ashton (Jul 06)
- <Possible follow-ups>
- Re: More potential ASP problems Michael Howard (Jul 06)