Security flaw within ASP

Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Security flaw within ASP

  1. #1
    Join Date
    Dec 1969
    Posts
    736

    Default Security flaw within ASP

    I&#039ve just been advised by a friend of a way to view entire asp files from a client. You just type in the following,<BR>http://www.yourweb.com/youraspfile.asp::Data, from your browser<BR>you can then view source and see everything!!! I&#039ve just started to use ASP and see this as a good reason why not to use it, anyone got a work around? Apparently Microsoft have fixed this in Win 2000 RC2, not much good for me though :(<BR><BR>Thanks<BR><BR>Ian<BR>i.pye@mia.co.uk

  2. #2
    Join Date
    Dec 1969
    Posts
    736

    Default RE: Security flaw within ASP

    Sorry - its ::$Data

  3. #3
    Sathiya Guest

    Default RE: Security flaw within ASP

    did u got any chance to test what you had said.<BR><BR>www.yourweb.com/youraspfile.asp::$Data

  4. #4
    Join Date
    Dec 1969
    Posts
    50

    Default RE: Security flaw within ASP

    I&#039ve worked with ASP for couple years by now and never heard a joke like that. It&#039s a good one.


  5. #5
    Michael Swanson Guest

    Default RE: Security flaw within ASP (No Joke!)

    This is certainly not a joke if you haven&#039t patched the problem. You can read about it at Microsoft&#039s site:<BR><BR>http://support.microsoft.com/support/kb/articles/Q188/8/06.asp<BR><BR>Michael Swanson, MCSE, MCP+Internet<BR>Webmaster<BR>Donnelly Corporation<BR>mike.swanson@donnelly.com

  6. #6
    Ian Stallings Guest

    Default RE: Security flaw within ASP

    If you have your permissions set correctly this should not be a<BR>problem. But definetly check it out, this does work, I&#039ve<BR>used it myself.

  7. #7
    Join Date
    Dec 1969
    Posts
    736

    Default RE: Security flaw within ASP

    You wont be laughing when someone copies your code or even worse gets access to your SQL database. See http://support.microsoft.com/support/kb/articles/Q188/8/06.asp<BR><BR>Ian

  8. #8
    Join Date
    Dec 1969
    Posts
    736

    Default RE: Security flaw within ASP

    Yes, more than once to make sure!

  9. #9
    Join Date
    Dec 1969
    Posts
    736

    Default RE: Security flaw within ASP (No Joke!)

    Thanks Michael!

  10. #10
    Shankar Guest

    Default RE: Security flaw within ASP

    I checked with my webmaster friend who says that this bug can be sorted of byb applying SP4.<BR><BR>Shankar

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •