[7178] in bugtraq
Re: More potential ASP problems
daemon@ATHENA.MIT.EDU (Michael Howard)
Mon Jul 6 21:37:27 1998
Date: Mon, 6 Jul 1998 16:49:45 -0700
Reply-To: Michael Howard <mikehow@MICROSOFT.COM>
From: Michael Howard <mikehow@MICROSOFT.COM>
X-To: Fred Donck <f.c.w.donck@SIEP.SHELL.COM>
To: BUGTRAQ@NETSPACE.ORG
the recommended fix addresses global.asa also.
thanks, mh
-----Original Message-----
From: Fred Donck [mailto:f.c.w.donck@SIEP.SHELL.COM]
Sent: Friday, July 03, 1998 5:04 AM
To: BUGTRAQ@NETSPACE.ORG
Subject: More potential ASP problems
All,
Apart from the reported ASP problems on both bugtraq and ntbugtraq one of my
colleques pointed me to some more exploit which may be just as bad. I
haven't seen any mention of it yet to both the lists
Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
there may also a http://www.domain.com/global.asa which may contain session
variables and user-id/password combinations for entering databases and the
like.
If not patched this is also subject to the vulnerabilities.
my $0.02,
Fred
--
-------------------- My opinions are my own ----------------------------
Fred Donck | E-mail: f.c.w.donck@siep.shell.com (work)
Technical Consultant | fred@donck.com,
Voice/Fax : +31-70-3112374 | fred@realit.com (private)
--- Idle cycles are a waste !! Check http://www.distributed.net/rc5 ----
