RE: are my binaries being exposed on my ASP.NET website?Sorry, I missed
that-- when I read "remove the extension" my brain said "rename file." The
consultant is reporting that all he does is remove the extension from the
URL and he gets the binary files? Yet you can't reporduce it? Similar to the
old :DATA bug?
I think it is time you use the two words consultants just love to here:
"Show me."
t
----- Original Message -----
From: Ed Devlin
To: 'Thor' ; focus-ms (at) securityfocus (dot) com [email concealed]
Sent: Wednesday, November 26, 2003 3:35 AM
Subject: RE: are my binaries being exposed on my ASP.NET website?
Thanks for your response. I agree that WebDAV is a bit naughty, from a
security point of view, and file renaming could be used to fool the ISAPI
extensions.
But the technique that our consultant is using does not require any renaming
of files using WebDAV. The attack is simply to issue a request for a page
without its .aspx extension, when logged into the public-facing website.
As I said, I can't reproduce it. I just wondered if anyone else had
seen/heard of something like this....
Ed
that-- when I read "remove the extension" my brain said "rename file." The
consultant is reporting that all he does is remove the extension from the
URL and he gets the binary files? Yet you can't reporduce it? Similar to the
old :DATA bug?
I think it is time you use the two words consultants just love to here:
"Show me."
t
----- Original Message -----
From: Ed Devlin
To: 'Thor' ; focus-ms (at) securityfocus (dot) com [email concealed]
Sent: Wednesday, November 26, 2003 3:35 AM
Subject: RE: are my binaries being exposed on my ASP.NET website?
Thanks for your response. I agree that WebDAV is a bit naughty, from a
security point of view, and file renaming could be used to fool the ISAPI
extensions.
But the technique that our consultant is using does not require any renaming
of files using WebDAV. The attack is simply to issue a request for a page
without its .aspx extension, when logged into the public-facing website.
As I said, I can't reproduce it. I just wondered if anyone else had
seen/heard of something like this....
Ed
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]