Aunty Spam's
Slam a Spammer Blog


October 7, 2004

Gaping Security Hole a Pain in the ASP

Posted 2 days, 20 hours ago on October 7, 2004
A gaping hole has just been discovered in Microsoft's ASP.NET product, which allows access to password-protected areas of a website just by altering the URL used for access.

According to an article published by Netcraft today, the issue involves "a bug in ASP.NET's handling of URLs, known as "canonicalization." If a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass password login screens. The technique may also work if a space is substituted for the slash."

While there is no fix available yet, Microsoft is offering guidance on how to deal with the issue here.

You can read more about this here.
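To show why canonicalization matters for access control, here is an added example (not code from Netcraft, Microsoft or this blog) that reduces each request path to one canonical form before deciding whether it is protected, and flags requests where a check on the raw URL would disagree. The `/secure/` prefix, the function names and the sample paths are assumptions made for illustration; it covers the '\' and '%5C' variants only, not the space variant.

```python
import re
from urllib.parse import unquote

# Assumption: "/secure/" is a hypothetical password-protected directory.
PROTECTED_PREFIXES = ("/secure/",)

# Constructed sample request paths (not taken from any real log).
SAMPLE_PATHS = [
    "/secure/report.aspx",       # normal request, caught by any prefix check
    "/secure\\report.aspx",      # literal backslash in place of '/'
    "/secure%5Creport.aspx",     # percent-encoded backslash
    "/secure%255Creport.aspx",   # double-encoded backslash
    "/public/index.html",        # unprotected content
]

def canonicalize(raw_path: str) -> str:
    """Reduce a request path to one form before any access decision."""
    path = raw_path.split("?", 1)[0]        # drop the query string
    for _ in range(3):                      # bounded loop for nested encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")          # treat '\' as a separator, like '/'
    path = re.sub(r"/{2,}", "/", path)      # collapse repeated separators
    return path.lower()                     # Windows paths are case-insensitive

def naive_is_protected(raw_path: str) -> bool:
    """Prefix check on the raw URL: the pattern this bug class defeats."""
    return raw_path.lower().startswith(PROTECTED_PREFIXES)

def is_protected(raw_path: str) -> bool:
    """Prefix check on the canonical form."""
    return canonicalize(raw_path).startswith(PROTECTED_PREFIXES)

def flag_mismatches(paths):
    """Return paths that reach a protected area but slip past the raw check."""
    return [p for p in paths if is_protected(p) and not naive_is_protected(p)]

if __name__ == "__main__":
    for p in flag_mismatches(SAMPLE_PATHS):
        print("review:", p, "->", canonicalize(p))
```

Run over the path column of a web server log, the flagged entries are the requests worth reviewing for this issue.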
Aunty Spam Provided By ISIPP