Bugtraq mailing list archives

Re: More potential ASP problems

From: mikehow () MICROSOFT COM (Michael Howard)
Date: Mon, 6 Jul 1998 16:49:45 -0700

the recommended fix addresses global.asa also.

thanks, mh

-----Original Message-----
From: Fred Donck [mailto:f.c.w.donck () SIEP SHELL COM]
Sent: Friday, July 03, 1998 5:04 AM
To: BUGTRAQ () NETSPACE ORG
Subject: More potential ASP problems

All,

Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my
colleques pointed me to some more exploit which may be just as bad. I
haven't seen any mention of it yet to both the lists

Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
there may also a http://www.domain.com/global.asa which may contain session
variables and user-id/password combinations for entering databases and the
like.

If not patched this is also subject to the vulnerabilities.

my $0.02,
Fred
--
-------------------- My opinions are my own ----------------------------
 Fred Donck                  | E-mail: f.c.w.donck () siep shell com (work)
 Technical Consultant        |         fred () donck com,
 Voice/Fax : +31-70-3112374  |         fred () realit com     (private)
--- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----

Current thread:

More potential ASP problems Fred Donck (Jul 03)
- Re: More potential ASP problems Paul Ashton (Jul 06)
- <Possible follow-ups>
- Re: More potential ASP problems Michael Howard (Jul 06)