Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

security warning for ASP driven web sites

Options
  • 16-08-2000 4:37pm
    #1
    Bard
    Registered Users Posts: 12,309 ✭✭✭✭


    got this as part of a report from aspynews.com. thought it may be of interest.... anyone?

    ********************************************************
    WE CAN SEE YOUR GLOBAL.ASA and .ASP FILES
    WHETHER YOU LIKE IT OR NOT!

    A very kind soul Daniel Doèekal <ddoc@mia.cz> wrote me with the contents of my global.asa and suggested I should patch my server. He seemed to think the "TRANSLATE F" bug was a well-known bug. By the end of the day we were both surprised to find 90% of the ASP sites in the world vulnerable.

    Read: http://www.learnasp.com/learn/translatef.asp
    and use the script there to check if your global.asa or asp scripts are compromised.
    That article will point you to a great 4guys article where they summarized all the research and the hot-fix URL.

    He wrote a brilliant script that checks FOR the past security glitches (For example HTW, $DATA, etc.) I recommend trying @ http://security.namodro.cz/urlcheck.asp?lang=en
    to see if your servers have not been patched against earlier bugs.

    If you want to discuss cutting-edge ASP security issues join: http://www.asplists.com/aspsecurity

    *****************************************************************


    Bard
    |home page


This discussion has been closed.
Advertisement