Results 1 to 10 of 15

Thread: Asp Server Exploit

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Hybrid Mode
- Switch to Threaded Mode

Hybrid View

September 15th, 2003, 04:11 AM #1
Juridian

View Profile

View Forum Posts

Visit Homepage
Ninja Code Monkey

Join Date

Nov 2001

Location

Washington State

Posts

1,027
Ok.....this thread is going to retardville in a hurry.

There is no exploit other than your poor solution. You are using the file system objects which are a com library put there for dealing with directories, files, etc. They give access to everything on the drive because of the account you're using to run the scripts. If you want to do a custom solution for writing pages to your server then for god's sake write your own file access component that uses com+, the proper group/account based security, and a real authentication method.

As I said before...the problem is pebcak.

"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
Reply With Quote

Quick Navigation Programming Security Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Asp Server Exploit

Thread Tools

Display

Hybrid View

Posting Permissions