Thursday, September 30, 2004

Even more Research on the ASP.NET Vulnerability

My previous post was based on an incomplete test scenario.

what i can say by now is - i can reproduce the bug on Windows XP with 1.1 and even 1.1 SP1.

i cannot reproduce the bug on Windows 2003 with and without the service pack.

you can try yourself if you are vulnerable. fritz hacked up a quick proof of concept web app. download it and try if the following url gives you "you shouldn't be able to see this without authenticating". FormSec.zip (12,84 KB)

http://localhost/formsec/secure%5Csecret.aspx

 


Work in Progress
Thursday, September 30, 2004 9:12:50 PM UTC  #   Tracked by:
http://www.leastprivilege.com/PermaLink.aspx?guid=2548731d-464f-4acb-b7dc-58757e... [Pingback]
http://blogs.squaretwo.net/PermaLink.aspx?guid=6547fcb9-2a69-4c39-b5db-07c935da5... [Pingback]
http://www.ecyware.com/blog/PermaLink.aspx?guid=1ea953f8-1f45-4456-8146-10ea4341... [Pingback]
"phentermine diet pill esolutions com" (phentermine diet pill esolutions com) [Trackback]
"Online Poker Statistics" (Online Poker Statistics) [Trackback]
"free poker" (free poker) [Trackback]

© Copyright 2010 Dominick Baier


RSS 2.0|Atom 1.0|CDF    Send mail to the author(s) | Page rendered at Thursday, July 29, 2010 9:16:52 PM UTC