Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: More potential ASP problems

More potential ASP problems

Fred Donck (f.c.w.donckSIEP.SHELL.COM)
Fri, 3 Jul 1998 14:04:09 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: RSI Advise: "RSI.0006.06-25-98.HP-UX.RLPDAEMON"
Previous message: Bug Lord: "SmurfLog 1.0"
Next in thread: Paul Ashton: "Re: More potential ASP problems"

All,

Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my
colleques pointed me to some more exploit which may be just as bad. I
haven't seen any mention of it yet to both the lists

Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
there may also a http://www.domain.com/global.asa which may contain session
variables and user-id/password combinations for entering databases and the
like.

If not patched this is also subject to the vulnerabilities.

my $0.02,
Fred
--
-------------------- My opinions are my own ----------------------------
 Fred Donck                  | E-mail: f.c.w.doncksiep.shell.com (work)
 Technical Consultant        |         freddonck.com,
 Voice/Fax : +31-70-3112374  |         fredrealit.com     (private)
--- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----

Next message: RSI Advise: "RSI.0006.06-25-98.HP-UX.RLPDAEMON"
Previous message: Bug Lord: "SmurfLog 1.0"
Next in thread: Paul Ashton: "Re: More potential ASP problems"