
Thread: I know this is bad......

  1. #11
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Not sure that I would be seriously pissed, it is at least easily remedied. Obviously they need to fix the missing file, and disable "ASP Debugging" and "Send detailed ASP error messages to client" (I'm assuming it's IIS 6.0, it's in iis.msc). Crystal Reports have had a few vulns (file deletions, and DoS I think) but I think anyone worth their salt could determine the system is using Crystal without the aforementioned leak. The debugging is something that is clearly useful in development but should not be enabled on a production machine. We are all aware that misconfiguration can be just as dangerous as an application vulnerability, but some people just never learn to RTFM.


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  2. #12
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Actually, whoever is developing the site is a noob. The asp.net environment should be configured so that it shows friendly error messages only to anyone externally; the stack trace information and so on could easily be caught and emailed to an administrator or logged appropriately with people being notified. This is **** they teach you in the asp.net 101 type of class.

    The configuration should be handled via web.config in the web root. The stack trace handling is easy enough to do via maybe 10 lines of code in the global.asax file.

    These guys are failing basic web app security and should probably be pointed at owasp.org and msdn.com.

    Their inability to do basic error handling and graceful failure is just letting people get their foot in the door and collect info about their web app.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X
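
The web.config setting and the short global.asax handler described in post #12, as an added example (not code from the thread or from the site being discussed). The `~/Error.aspx` page and the `id` query parameter are hypothetical names.

```csharp
// Global.asax.cs -- added illustration, not the site's own code.
// Pair it with this web.config fragment so remote clients never get a stack trace:
//   <system.web>
//     <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />
//     <compilation debug="false" />
//   </system.web>
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // ASP.NET wraps page exceptions in HttpUnhandledException; log the real one.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        // Correlation id: the only error detail the visitor ever receives.
        string errorId = Guid.NewGuid().ToString("N");

        // Full details stay server-side, written to whatever trace listeners
        // are configured (file, event log, ...).
        Trace.TraceError("ErrorId={0} Url={1} Client={2}\n{3}",
            errorId, Request.RawUrl, Request.UserHostAddress, ex);

        // Requests made on the server itself keep the detailed error page.
        if (Request.IsLocal) return;

        // Remote clients: drop the error and send them to the friendly page
        // (hypothetical ~/Error.aspx), carrying only the correlation id.
        Server.ClearError();
        Response.Redirect("~/Error.aspx?id=" + errorId, false);
    }
}
```

The visitor sees only the friendly page and an opaque id, which an administrator can match against the server-side trace entry holding the exception and stack trace.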

  3. #13
    Hi

    [Exception: Load report failed.]
    This error is a consequence of:

    [COMException (0x80004005): The system cannot find the path specified.]
    First, can you generate the solution with a new web.config file? If yes, try it.

    Second, are the CrystalReport assemblies on the correct path?

    Third, does the path need to be a shared path?

    Fourth, this error (0x80004005) occurs when the report filename is incorrect (the report result or MS says Crystal Object)

    Regards
