Subject: More information on MS00-044
From: rain forest puppy (rfp WIRETRIP.NET)
Date: Fri Aug 04 2000 - 10:39:00 CDT

I just wanted to drop a note to see if anyone else has any more
information on the '+.htr' vulnerability. So many people have been trying
it against me, I decided to look into it. :)

From what I can tell, it's a pretty effective bug, returning the source of
the page. HOWEVER, it seems that it will stop at the first '<%' it
encounters. For those of you that program in ASP, you'll know that <% %>
are the server-side script delimiters. So this effectively keeps you from
seeing source...or does it...?

I've noticed that if you use the <script runat=server></script>
delimiters, which function in the same manner as <% %>, you will get the
source. Well, up to any other '<%' existing in the same page.

Does anyone have any contrary results?

- rain forest puppy

ps. whisker v1.4 was released on my site. http://www.wiretrip.net/rfp/
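
Added example, not part of the original post and not rfp's code: an audit helper for your own ASP sources that models the behaviour reported above (disclosure stops at the first '<%') and lists any <script runat=server> code that sits inside that disclosed prefix. The function names, the regular expressions and the sample page are assumptions constructed for illustration.

```python
import re

# Opening <script ...> tag carrying runat=server (quoted or not, any case).
OPEN_TAG = re.compile(r"<script\b[^>]*\brunat\s*=\s*[\"']?server\b[^>]*>", re.I)
CLOSE_TAG = re.compile(r"</script\s*>", re.I)

# Constructed sample page: one server-side block before the first '<%', one after.
SAMPLE_ASP = '''<html>
<script language="VBScript" runat=server>
Const DB_PASSWORD = "example-not-real"
</script>
<body>
<% Response.Write "hello" %>
<script runat="server">
Sub Hidden()
End Sub
</script>
</body></html>
'''


def disclosed_prefix(source):
    """Part of the file returned per the post: everything before the first '<%'."""
    cut = source.find("<%")
    return source if cut == -1 else source[:cut]


def exposed_server_code(source):
    """Report <script runat=server> bodies that fall inside the disclosed prefix.

    'complete' is False when a '<%' inside the block truncates the disclosure.
    """
    prefix = disclosed_prefix(source)
    findings, pos = [], 0
    while (m := OPEN_TAG.search(prefix, pos)):
        end = CLOSE_TAG.search(prefix, m.end())
        body = prefix[m.end(): end.start() if end else len(prefix)]
        findings.append({
            "line": prefix.count("\n", 0, m.start()) + 1,  # 1-based line of the tag
            "complete": end is not None,
            "code": body.strip(),
        })
        if end is None:
            break
        pos = end.end()
    return findings


if __name__ == "__main__":
    for f in exposed_server_code(SAMPLE_ASP):
        print(f"line {f['line']} complete={f['complete']}: {f['code']!r}")
```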