[16095] in bugtraq
More information on MS00-044
daemon@ATHENA.MIT.EDU (rain forest puppy)
Mon Aug 7 03:18:21 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.10.10008041034050.2551-100000@eight.wiretrip.net>
Date: Fri, 4 Aug 2000 10:39:00 -0500
Reply-To: rain forest puppy <rfp@WIRETRIP.NET>
From: rain forest puppy <rfp@WIRETRIP.NET>
X-To: vacuum@technotronic.com, win2ksecadvice@listserv.ntsecurity.net
To: BUGTRAQ@SECURITYFOCUS.COM

I just wanted to drop a note to see if anyone else has any more
information on the '+.htr' vulnerability. So many people have been trying
it against me, I decided to look into it. :)

From what I can tell, it's a pretty effective bug, returning the source of
the page. HOWEVER, it seems that it will stop at the first '<%' it
encounters. For those of you that program in ASP, you'll know that <% %>
are the server-side script delimiters. So this effectively keeps you from
seeing source...or does it...?

I've noticed that if you use the <script runat=server></script>
delimiters, which function in the same manner as <% %>, you will get the
source. Well, up to any other '<%' existing in the same page.

Does anyone have any contrary results?

- rain forest puppy

ps. whisker v1.4 was released on my site. http://www.wiretrip.net/rfp/
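
Added example (not part of the original message, and not the author's code): a Python audit helper that applies the behaviour reported above, where the returned source ends at the first '<%', to your own ASP files and lists any <script runat=server> code that sits before that cut. The cut-at-first-'<%' model is an assumption taken from the message, not verified IIS behaviour; the function names and sample pages are constructed for illustration.

```python
import re

# Opening tag of a server-side script block, e.g. <script language=VBScript runat=server>
SERVER_SCRIPT_OPEN = re.compile(
    r"<script\b[^>]*\brunat\s*=\s*[\"']?server\b[\"']?[^>]*>", re.IGNORECASE)
SCRIPT_CLOSE = re.compile(r"</script\s*>", re.IGNORECASE)


def disclosed_prefix(source: str) -> str:
    """Assumed model from the message: everything before the first '<%' is returned."""
    cut = source.find("<%")
    return source if cut == -1 else source[:cut]


def exposed_server_code(source: str) -> list:
    """List <script runat=server> bodies that fall inside the disclosed prefix."""
    prefix = disclosed_prefix(source)
    findings, pos = [], 0
    while True:
        opened = SERVER_SCRIPT_OPEN.search(prefix, pos)
        if not opened:
            return findings
        closed = SCRIPT_CLOSE.search(prefix, opened.end())
        # No closing tag before the cut means the block is only partly disclosed.
        end = closed.start() if closed else len(prefix)
        findings.append({
            "line": prefix.count("\n", 0, opened.start()) + 1,
            "complete": closed is not None,
            "code": prefix[opened.end():end].strip(),
        })
        pos = closed.end() if closed else len(prefix)


# Constructed sample pages (not taken from any real site).
PAGE_SCRIPT_FIRST = ('<script language="VBScript" runat=server>\n'
                     'Const DSN = "example-dsn"\n'
                     '</script>\n<html>\n<% Response.Write "hi" %>\n</html>\n')
# A page that opens with a <%@ directive has an empty prefix, so nothing is listed.
PAGE_DIRECTIVE_FIRST = ('<%@ Language=VBScript %>\n<script runat="server">\n'
                        'Sub Init\nEnd Sub\n</script>\n')

if __name__ == "__main__":
    for name, page in [("script-first", PAGE_SCRIPT_FIRST),
                       ("directive-first", PAGE_DIRECTIVE_FIRST)]:
        for f in exposed_server_code(page):
            print(f"{name}: line {f['line']} complete={f['complete']}: {f['code']!r}")
```

Anything the helper lists is server-side logic that belongs in an include or component outside the web-served page, in addition to applying the MS00-044 fix.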