WebApp Sec mailing list archives
RE: .asp giving 404
From: Steve Syfuhs <ssyfuhs () objectsharp com>
Date: Thu, 14 Apr 2011 19:25:15 -0400
What are the read/write permissions on your page versus the permissions on the working pages?

-- Sent from my Windows Phone 7 --

-----Original Message-----
From: Robin Wood
Sent: Thursday, April 14, 2011 7:23 PM
To: Calderon, Juan Carlos (GE, Corporate, consultant)
Cc: webappsec () securityfocus com
Subject: Re: .asp giving 404

On 13 April 2011 14:37, Calderon, Juan Carlos (GE, Corporate, consultant) <juan.calderon () ge com> wrote:
3 things on top of my mind
1. Your page is doing an "unaware" redirection to a non-existing page, so it is loaded, but then it redirects you (or transfers you, they are different in ASP) and you get the 404 error message
I tried a page that purely did a response.write and that failed.
2. Antivirus is detecting and removing the shell or putting it on quarantine (not likely if it is a web page)
as above, that wouldn't have been blocked
3. IIS server is hardened and classic asp pages are "served" by 404.dll, a dll created by MS to prevent access to pages of a certain type.
The existing .asp pages worked fine.
From memory I think it has to do with either ownership or permissions on the files but I can't remember enough about it.

Robin
Hope it helps,
Juan C Calderon

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Robin Wood
Sent: Tuesday, April 12, 2011 12:00 PM
To: webappsec () securityfocus com
Subject: .asp giving 404

On a recent test I got FTP write access to a web server which had an ASP based site on it. I uploaded an ASP shell and tried to browse to it but got a 404. I uploaded it to a directory that had directory listing enabled and confirmed the file was there but again browsing to it gave a 404. I uploaded a text file and image and could browse to both of those fine. I also tried downloading an existing page and modifying that then re-uploading it but didn't have permission to overwrite the file.

I vaguely remember something to do with file permissions having to be set correctly for ASP to run from years ago when I did some dev work in it but can't remember.

Can someone tell me what was likely to have been going on and if there is any way around it given the access I had?

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------