Vulnerability Development mailing list archives
Re: Weakness in default.asp [Hackemate.com Research]
From: Thor () HammerofGod com
Date: Mon, 12 Nov 2001 15:08:51 -0800
Just a quick reply...

One should always turn off detail ODBC error logging on production systems. When you do so, you would get a standard "Internal Server Error" by default rather than the detailed errors. This is true for IIS 4.0 and 5.0.

hth

At 04:45 PM 11/12/2001 -0300, KeRoZeNe [Hackemate] wrote:
When you ask for a certain URL, it shows the real path of the Web Site files in the server. It can be exploited this way:
http://www.website.com/default.asp?sector=anything
For example:
http://www.tectimes.com/SistemaMas/default.asp?sector=lamers
It will respond with the next data:
error '80020009'
Exception occurred.
D:\SITIOS_WEB\TECTIMES\NUEVO\SISTEMAMAS\../body.htm, line 74
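A defender-side check for the condition discussed in this thread, as an added example that is not part of either post: it scans response bodies collected from your own site for detailed ASP errors and any filesystem path they expose. The function names and the `www.example.test` URLs are assumptions; the first sample body is the error text quoted above, the other two are constructed.

```python
import html
import re

TAG = re.compile(r"<[^>]+>")
# ASP error header in the form shown in the post: error '80020009'
ASP_ERROR = re.compile(r"error\s+'([0-9A-Fa-f]{8})'")
# Absolute Windows path (drive letter or UNC share) followed by ", line N"
FS_PATH = re.compile(r"((?:[A-Za-z]:\\|\\\\)[^\r\n,<>\"]+),\s*line\s+(\d+)")

def find_disclosures(body):
    """Return one finding per detailed ASP error found in a response body."""
    # IIS wraps these errors in <font> tags, so compare against plain text.
    text = html.unescape(TAG.sub(" ", body))
    findings = []
    for m in ASP_ERROR.finditer(text):
        # Only look shortly after the error code for the leaked path.
        p = FS_PATH.search(text, m.end(), m.end() + 400)
        findings.append({
            "code": m.group(1),
            "path": p.group(1).strip() if p else None,  # None: virtual path only
            "line": int(p.group(2)) if p else None,
        })
    return findings

def audit(responses):
    """responses maps URL -> body; return only the URLs that leak details."""
    report = {}
    for url, body in responses.items():
        found = find_disclosures(body)
        if found:
            report[url] = found
    return report

# Sample bodies: the first is the error text from the post, the rest are constructed.
SAMPLES = {
    "http://www.example.test/default.asp?sector=x":
        r"error '80020009' Exception occurred. "
        r"D:\SITIOS_WEB\TECTIMES\NUEVO\SISTEMAMAS\../body.htm, line 74",
    "http://www.example.test/list.asp":
        "<font face=\"Arial\" size=2>error '80004005'</font><p>"
        "<font face=\"Arial\" size=2>/list.asp</font>"
        "<font face=\"Arial\" size=2>, line 12</font>",
    "http://www.example.test/ok.asp":
        "<html><body><h1>Internal Server Error</h1></body></html>",
}

if __name__ == "__main__":
    for url, found in audit(SAMPLES).items():
        print(url, found)
```

A finding with a non-empty `path` is the filesystem disclosure reported in the original post; a finding with `path` set to `None` still means detailed errors are reaching the client.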