Bugtraq mailing list archives
ASP Security Hole (fwd)
From: bgreenbaum () SECURITYFOCUS COM (bgreenbaum () SECURITYFOCUS COM)
Date: Wed, 9 Feb 2000 16:21:57 -0800
Forwarded with permission of the author. Please direct all replies to jwalsh () jwsg com.

Ben Greenbaum
Director of Site Content
Security Focus
http://www.securityfocus.com

---------- Forwarded message ----------

Description:
============
Active server pages (ASP) with runtime errors expose a security hole that publishes the full source code name to the caller. If these scripts are published on the internet before they are debugged by the programmer, the major search engines index them. These indexed ASP pages can be then located with a simple search. The search results publish the full path and file name for the ASP scripts. This URL can be viewed in a browser and may reveal full source code with details of business logic, database location and structure.

Procedure:
==========
- In the Altavista search engine execute a search for +"Microsoft VBScript runtime error" +".inc, "
- Look for search results that include the full path and filename for an include (.inc) file.
- Append the include filename to the host name and call this up in a web browser.
  Example: www.rodney.com/stationery/browser.inc

Examples:
=========
http://shopping.altavista.com/inc/lib/prep.lib
Exposes database connections and properties, resource locations, cookie logic, server IP addresses, business logic

http://www.justshop.com/SFLib/ship.inc
Exposes database properties, business logic

http://www.bbclub.com:8013/includes/general.inc
Exposes cobranding business logic

http://www.salest.com/corporate/admin/include/jobs.inc
Exposes datafile locations and structure

http://www.bjsbabes.com/SFLib/design.inc
Exposes source code for StoreFront 2000 including database structure

http://www.ffg.com/scripts/IsSearchEngine.inc
Exposes search engine log

http://www.wcastl.com/include/functions.inc
Exposes members' email addresses and private comments file http://www.wcastl.com/flat/comments.txt

http://www.traveler.net/two/cookies.inc
Exposes cookie logic

Resolution:
===========
- Search engines should not index pages that have ASP runtime errors.
- Programmers should fully debug their ASP scripts before publishing them on the web
- Security administrators need to secure the ASP include files so that external users can not view them.

===========================
Jerry Walsh
JW's Software Gems
Email jwalsh () jwsg com
Phone (949) 855-0233
Website http://www.jwsg.com
===========================
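An added example, not part of the original message: one way an administrator could act on the last resolution item is to audit a web root for files that ASP pages pull in with `#include` but that the server would hand back as plain text. The script-mapped extension set, the assumption that the web root is the site root for `virtual=` paths, and the sample site in `demo()` are all constructed for illustration.

```python
import os
import re
import tempfile

# Classic ASP include directive: <!-- #include file="x" --> or virtual="x"
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)
# Assumption: only these extensions are mapped to the ASP script engine on the
# audited server; any other file under the web root is returned as plain text.
SCRIPT_MAPPED = {".asp"}


def audit_webroot(root):
    """Return web-relative paths of included files a browser could fetch as text."""
    root = os.path.realpath(root)
    exposed = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_MAPPED:
                continue
            with open(os.path.join(dirpath, name), encoding="latin-1") as fh:
                directives = INCLUDE_RE.findall(fh.read())
            for kind, path in directives:
                # file= resolves from the including page, virtual= from the site root
                base = root if kind.lower() == "virtual" else dirpath
                rel = path.replace("\\", "/").lstrip("/")
                target = os.path.realpath(os.path.join(base, rel))
                inside = os.path.commonpath([root, target]) == root
                ext = os.path.splitext(target)[1].lower()
                if inside and os.path.isfile(target) and ext not in SCRIPT_MAPPED:
                    exposed.add("/" + os.path.relpath(target, root).replace(os.sep, "/"))
    return sorted(exposed)


def demo():
    """Audit a constructed sample site (not real data) built in a temp directory."""
    pages = {
        "shop/cart.asp": '<!-- #include file="inc/db.inc" -->\n'
                         '<!-- #INCLUDE VIRTUAL="/shop/inc/util.asp" -->',
        "shop/inc/db.inc": '<% connStr = "placeholder" %>',
        "shop/inc/util.asp": "<% ' helper %>",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "shop", "inc"))
        for rel, body in pages.items():
            with open(os.path.join(root, rel), "w", encoding="latin-1") as fh:
                fh.write(body)
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Each path reported is a candidate for renaming to a script-mapped extension, moving outside the web root, or denying direct requests for that extension on the server.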