Bugtraq mailing list archives
Something to URGE for Windows NT/2000 administrators
From: Daniel Docekal <ddoc () MIA CZ>
Date: Mon, 14 Aug 2000 20:31:00 +0200
Dears, while this is not WindowsNT only related list, following relates to any of us, because ignorancy of some webmasters running IIS (Internet Information Server) 4.0/5.0 is somehow exceeding acceptable level. During informal test done by our security team we have found that MOST of tested IIS4/5 webs are vulnerable to NULL.HTW, +.HTR or Translate:f security bugs - because of this, anybody can access source code of scripts, grab passwords/names or locations to Access MDB files. In dozens of cases we were able to download megabytes of databases containing anything from thousands of e-mail adresses up to logon names with passwords (and as well known, people are using the same password all over the Internet). We have notified webmasters having such buggy webs, but surprisingly, some of responses were lacking understanding and their webs are open even weeks after we have discovered this. I hereby want to URGE all Windows NT/2000 administrators to take seriously security bugs leading to accessible ASP/ASA sources (including $DATA which still plagues around 15% of tested webs). Thank you Daniel
Current thread:
- Something to URGE for Windows NT/2000 administrators Daniel Docekal (Aug 15)