Subject: ASP Security Hole (fwd)
From: MJE (markNTSHOP.NET)
Date: Thu Feb 10 2000 - 16:21:12 CST


FORWARDED:

> ---------- Forwarded message ----------
> Description:
> ============
> Active server pages (ASP) with runtime errors
> expose a security hole that publishes
> the full source code name to the caller.
> If these scripts are published on the
> internet before they are debugged by
> the programmer, the major search
> engines index them. These indexed
> ASP pages can be then located with a
> simple search. The search results publish
> the full path and file name for the ASP
> scripts. This URL can be viewed in a browser
> and may reveal full source code with
> details of business logic, database location
> and structure.
>
> Procedure:
> ==========
> - In the AltaVista search engine execute a search for
> +"Microsoft VBScript runtime error" +".inc, "
>
> - Look for search results that include the full
> path and filename for an include (.inc) file.
>
> - Append the include filename to the host name
> and call this up in a web browser.
> Example: www.rodney.com/stationery/browser.inc
>
> Examples:
> =========
> http://shopping.altavista.com/inc/lib/prep.lib
> Exposes database connections and properties, resource locations,
> cookie logic, server IP addresses, business logic
>
http://www.justshop.com/SFLib/ship.inc
Exposes database properties, business logic

http://www.bbclub.com:8013/includes/general.inc
Exposes cobranding business logic

http://www.salest.com/corporate/admin/include/jobs.inc
Exposes datafile locations and structure

http://www.bjsbabes.com/SFLib/design.inc
Exposes source code for StoreFront 2000 including
database structure

http://www.ffg.com/scripts/IsSearchEngine.inc
Exposes search engine log

http://www.wcastl.com/include/functions.inc
Exposes members email addresses and
private comments file http://www.wcastl.com/flat/comments.txt

http://www.traveler.net/two/cookies.inc
Exposes cookie logic

Resolution:
===========

- Search engines should not index pages that
have ASP runtime errors.

- Programmers should fully debug their ASP
scripts before publishing them on the web.

- Security administrators need to secure
the ASP include files so that external users
cannot view them.

===========================
Jerry Walsh
JW's Software Gems
Email jwalshjwsg.com
Phone (949) 855-0233
Website http://www.jwsg.com
===========================
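
One way to act on the last resolution item, as an added example that is not part of the forwarded advisory: walk a local copy of the web root, follow the `#include` directives, and list every include target that sits under the web root with an extension the server would return as plain text. The `SCRIPT_MAPPED` set, the function name and the sample site are assumptions made for the illustration, and the site is assumed to have no virtual directories mapped outside the root.

```python
import re
import tempfile
from pathlib import Path

# Assumption: only these extensions are mapped to the script engine on the
# server being audited; anything else is returned to the client as-is.
SCRIPT_MAPPED = {".asp", ".asa"}
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)

def exposed_includes(web_root):
    """Return URL paths of include targets the server would send as plain text."""
    root = Path(web_root).resolve()
    findings = set()
    for page in (p for p in root.rglob("*") if p.is_file()):
        text = page.read_text(errors="replace")
        for kind, target in INCLUDE_RE.findall(text):
            target = target.replace("\\", "/")
            # "virtual" is relative to the site root, "file" to the including file.
            base = root if kind.lower() == "virtual" else page.parent
            candidate = (base / target.lstrip("/")).resolve()
            if root not in candidate.parents or not candidate.is_file():
                continue  # outside the web root or missing: not fetchable by URL
            if candidate.suffix.lower() in SCRIPT_MAPPED:
                continue  # executed server-side, so the source is not returned
            findings.add("/" + candidate.relative_to(root).as_posix())
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample site, built in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "shop").mkdir()
        (site / "lib").mkdir()
        (site / "shop" / "cart.asp").write_text(
            '<!-- #include file="../lib/db.inc" -->\n'
            '<!-- #include virtual="/lib/util.asp" -->\n')
        (site / "lib" / "db.inc").write_text('<% dsn = "DSN=shop" %>')
        (site / "lib" / "util.asp").write_text("<% ' helpers %>")
        for path in exposed_includes(site):
            print("served as plain text:", path)
```

Each path reported is a candidate for renaming to a script-mapped extension, moving outside the web root, or blocking at the server.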
