[REVS] E-mail Spoofing and CDONTS.NEWMAIL (Protecting Microsoft Active Server Pages Applications)
From: support@securiteam.comDate: 01/11/02
- Previous message: support@securiteam.com: "[EXPL] XTerm UnixWare Exploit Code Released (-xrm)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Fri, 11 Jan 2002 16:21:19 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
E-mail Spoofing and CDONTS.NEWMAIL (Protecting Microsoft Active Server
Pages Applications)
------------------------------------------------------------------------
SUMMARY
A very good paper describing the security problems faced by administrators
when they implement the CDONTS.NEWMAIL object and how they can overcome
them is now available.
DETAILS
Abstract:
Many IIS web servers running ASP applications will use the CDONTS.NEWMAIL
object to provide the functionality for feedback or contact forms. This
paper will examine how the CDONTS.NEWMAIL object can be used by attackers
to send arbitrary e-mails via the vulnerable web server and what must be
done to prevent an online ASP application being abused in this way. This
paper is written to show ASP developers the importance of client input
validation and that without it even the most seemingly innocuous code can
become dangerous.
ADDITIONAL INFORMATION
The complete article is available at the following URL:
<http://www.nextgenss.com/papers/aspmail.pdf>
http://www.nextgenss.com/papers/aspmail.pdf
The information has been provided by <mailto:david@ngssoftware.com> David
Litchfield.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[EXPL] XTerm UnixWare Exploit Code Released (-xrm)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- Re: File Upload - Security Issues
... You want to upload a file for what reason and you do ... file and what pitfalls
you see re: security might be helpful on this end?! ... files to an IIS server that
doesn't have MS Office actually installed? ... 2* Upon submit this is submitted to an ASP
page that then (using the XML ... (microsoft.public.scripting.vbscript) - AW: ASP Dot Net Security Guidelines
... Betreff: Re: ASP Dot Net Security Guidelines ... Basically you'll treat an asp.net
application server as you would an asp ... > to set the permissions as it brings
up access denied errors on the ... (Focus-Microsoft) - Re: VB Component debugging as anonymous access
... formatting the date on the LCID 1046 as dd/mm/yyyy, ... behavior both in ASP
and in my component, ... security on the Web Server, ... Thats why I need the debugger
... (microsoft.public.inetserver.asp.components) - Re: Security Scan on IIS shows files and folders
... > Recently our comapny had a Professional Security Scan done one of our ...
I recommend checking your IIS web logs. ... who can guess the name of the files and folders
can view them. ... to .Old or .Bak is a serious problem as the attacker gets to see your .ASP
... (microsoft.public.inetserver.iis.security) - RE: passwords in asp pages
... > I am new to security and I have no training in asp programming, ...
> server and the user does not see them, and there do not seem to be any ... vulnerability
is 0day; unknown to vendors, ... (Security-Basics)
