|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
- From: Steve Boyce <SteveBHBS.COM>
- Date: Tue, 30 Jun 1998 12:22:53 +0100
- Reply-To: Steve Boyce <SteveBHBS.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Just out of curiosity, quite apart from suffixing odd characters, has anyone stress-tested these webservers with other URL's intended to deceive their parsers such as (off the top of my head): /root/dummy.htm/../showmethesource.asp or /root/dummy.htm?/../showmethesource.asp or /root/dummy.idc/root/showmethesource.asp (invoke idc script engine on asp file, or vice versa)or /root/dummy.idc/../../root/showmethesource.asp or /root/showmethesource.asp%20.htm etc etc Steve
- Prev by Date: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
- Next by Date: ASP vulnerability with Alternate Data Streams
- Prev by thread: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
- Next by thread: MS SQL Server 6.5 stores password in unprotected area of registry
- Index(es):