[7177] in bugtraq
Re: More potential ASP problems
daemon@ATHENA.MIT.EDU (Paul Ashton)
Mon Jul 6 21:36:47 1998
Date: Mon, 6 Jul 1998 23:58:11 +0200
Reply-To: Paul Ashton <paul@ARGO.DEMON.CO.UK>
From: Paul Ashton <paul@ARGO.DEMON.CO.UK>
X-To: Fred Donck <f.c.w.donck@SIEP.SHELL.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 03 Jul 1998 14:04:09 +0200."
<359CBAA9.69C2067F@siep.shell.com>
f.c.w.donck@SIEP.SHELL.COM said:
> Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
> there may also a http://www.domain.com/global.asa which may contain session
> variables and user-id/password combinations for entering databases and the
> like.
microsoft did list .asa files as one of several that needed to be
protected. I've also downloaded .dll, .exe, and .cfm files. I'm sure
there are many others. It is nothing to do with ASP applications,
just the fact that content handlers don't understand the type of any
particular file which doesn't have the correct .XXX extension.
http://www.scripting.com has some amusing anecdotes of credit card
database passwords and a frequent flier database password being
recovered.
Paul
