WebApp Sec mailing list archives

Re: IIS log

From: jamesworld () intelligencia com
Date: Tue, 05 Aug 2003 16:49:18 -0500

Yes, this is a serious issue. Tell your web developers to get their headout of their a $ $ because they've coded a liability that could destroythe company!


Big time problem.

Copy a few lines of the log and past them into a response.


MAKE SURE YOU MODIFY THE CC NUMBERS!!!!!!!

At 14:34 8/5/2003, Justin H Tran wrote:

I just viewed an IIS log and I noticed that the credit card # is loogged.
I beleive that this is a major flaw to log credit card # is clear text.
Does anyone have any advice?


Regards,
Justin

Current thread:

IIS log Justin H Tran (Aug 05)
- Re: IIS log Alejandro Flores (Aug 05)
- Re: IIS log Randy (Aug 05)
- <Possible follow-ups>
- RE: IIS log Michael Howard (Aug 05)
  - RE: IIS log Richard M. Smith (Aug 05)
- Re: IIS log dotnetter (Aug 05)
- Re: IIS log jamesworld (Aug 05)
- RE: IIS log Nelson, Ernie (Aug 05)