Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: More potential ASP problems

Re: More potential ASP problems

Paul Ashton (paulARGO.DEMON.CO.UK)
Mon, 6 Jul 1998 23:58:11 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Howard: "Re: More potential ASP problems"
Previous message: Aleph One: "[rootshell] Security Bulletin #20"
In reply to: Fred Donck: "More potential ASP problems"
Next in thread: Michael Howard: "Re: More potential ASP problems"

f.c.w.donckSIEP.SHELL.COM said:
> Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
> there may also a http://www.domain.com/global.asa which may contain session
> variables and user-id/password combinations for entering databases and the
> like.

microsoft did list .asa files as one of several that needed to be
protected. I've also downloaded .dll, .exe, and .cfm files. I'm sure
there are many others. It is nothing to do with ASP applications,
just the fact that content handlers don't understand the type of any
particular file which doesn't have the correct .XXX extension.

http://www.scripting.com has some amusing anecdotes of credit card
database passwords and a frequent flier database password being
recovered.

Paul

Next message: Michael Howard: "Re: More potential ASP problems"
Previous message: Aleph One: "[rootshell] Security Bulletin #20"
In reply to: Fred Donck: "More potential ASP problems"
Next in thread: Michael Howard: "Re: More potential ASP problems"