Results 1 to 2 of 2

Thread: Vulnerability in Microsoft ASP.NET

  1. October 8th, 2004, 03:45 PM #1
    SDK
    SDK is offline
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Vulnerability in Microsoft ASP.NET

    Check the link!

    http://www.microsoft.com/security/incident/aspnet.mspx
    -Simon \"SDK\"
    Reply With Quote Reply With Quote
  2. October 11th, 2004, 01:22 PM #2
    SirDice
    SirDice is offline
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    As usually is the case, they're extremely scarce with info.

    Reports have indicated that an attacker could send specially crafted requests to a Web server running ASP.NET applications and bypass forms based authentication or Windows authorization configurations, and potentially view secured content without providing the proper credentials.
    It basicly means that if you replace a / (forward slash) with a \ (backslash) in the URL you can circumvent the authentication mechanism.

    NTBugtraq post

    (Hope this long url bug is fixed )
    Oliver's Law:
    Experience is something you don't get until just after you need it.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules