[7173] in bugtraq
More potential ASP problems
daemon@ATHENA.MIT.EDU (Fred Donck)
Mon Jul 6 19:47:34 1998
Date: Fri, 3 Jul 1998 14:04:09 +0200
Reply-To: Fred Donck <f.c.w.donck@SIEP.SHELL.COM>
From: Fred Donck <f.c.w.donck@SIEP.SHELL.COM>
X-To: ntbugtraq@listserv.ntbugtraq.com
To: BUGTRAQ@NETSPACE.ORG
All,
Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my
colleques pointed me to some more exploit which may be just as bad. I
haven't seen any mention of it yet to both the lists
Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
there may also a http://www.domain.com/global.asa which may contain session
variables and user-id/password combinations for entering databases and the
like.
If not patched this is also subject to the vulnerabilities.
my $0.02,
Fred
--
-------------------- My opinions are my own ----------------------------
Fred Donck | E-mail: f.c.w.donck@siep.shell.com (work)
Technical Consultant | fred@donck.com,
Voice/Fax : +31-70-3112374 | fred@realit.com (private)
--- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----
