Vulnerability Development mailing list archives
RE: Outlook Web Access view include files vulnerability
From: danmiller () carolina rr com
Date: Wed, 20 Feb 2002 17:27:02 GMT
Do not let web users access asp include files. They should only be accessed by the user running the asp scripts (usually IWAM_MACHINENAME). I used to associate .inc files with the asp dll so that the source wouldn't be returned to the user (if you have patched all the MS view source bugs), but I don't know if you can pass parameters to them or if there would be any other ill effects.
Current thread:
- Outlook Web Access view include files vulnerability mafj (Feb 19)
- Re: Outlook Web Access view include files vulnerability Eric (Feb 21)
- <Possible follow-ups>
- RE: Outlook Web Access view include files vulnerability danmiller (Feb 21)