RE: are my binaries being exposed on my ASP.NET website?
From: Dominick Baier (db_at_die-lounge.com)
Date: 11/25/03
- Previous message: Mark Burnett: "Re: how do I force secure ASP.NET session cookies?"
- In reply to: ed.devlin_at_detica.com: "are my binaries being exposed on my ASP.NET website?"
- Next in thread: Thor: "Re: are my binaries being exposed on my ASP.NET website?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <ed.devlin@detica.com>, <focus-ms@securityfocus.com>
Date: Tue, 25 Nov 2003 18:37:49 +0100
Hi,
I think this consultant should give you a detailed explanation and some
screenshots.
By the way - he should have an explanation - not you.
bye
dominick
-----Original Message-----
From: ed.devlin@detica.com [mailto:ed.devlin@detica.com]
Sent: Tuesday, 25 November 2003 12:10
To: focus-ms@securityfocus.com
Subject: are my binaries being exposed on my ASP.NET website?
We've had some security consultants go over our website looking for
vulnerabilities, and they've found a binary file exposure problem, but I
can't reproduce it - has anyone seen something like this?
My website runs on SSL and uses forms-based authentication. IIS Lockdown
and URLScan 2.5 are installed. WebDAV is ENABLED (with restricted verbs)
for file transfer by special users (using integrated Windows authentication).
Hacker goes to my login page and logs in using correct credentials. Once
logged in, the hacker removes the ".aspx" extension from a URL, and is given
a binary file in response to the request!
I can't get this to work on any of my test browsers (I always get a 404),
but the consultant assures me he reproduced it using IE 6.0 and a personal
proxy.
Could it be IIS handing out a fragment of pre-compiled ASPX code-behind?
Might it be to do with debug settings in web.config?
If you have any ideas, please let me know.
Thanks
Ed
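A small self-check for the behaviour Ed describes, added here as an example (it is not code from anyone in this thread). The idea is to reproduce the consultant's finding against your own site in a controlled way: for each .aspx URL you know, request the extension-stripped form through a proxy or test client, record status, Content-Type and body, and flag any 200 whose body looks like a raw Windows binary (PE "MZ" header, NUL bytes, or mostly non-printable content) rather than the expected 404. Everything below runs offline on constructed sample responses; the host name and the response bodies are made up for the demonstration, and the HTTP fetching is left to whatever client you already use.

```python
"""
Offline audit helper for the 'strip .aspx and get a binary' symptom.

Example code written for this thread, not the original poster's code.
Responses are constructed in-line so the check runs without a network;
in practice you would capture (status, content_type, body) per URL with
your own HTTP client or intercepting proxy after logging in.
"""
from urllib.parse import urlsplit, urlunsplit

PE_MAGIC = b"MZ"  # first two bytes of every Windows PE file (EXE/DLL/.NET assembly)


def strip_aspx(url: str) -> str:
    """Return the URL with a trailing '.aspx' removed from the path (query kept)."""
    parts = urlsplit(url)
    path = parts.path
    if path.lower().endswith(".aspx"):
        path = path[:-len(".aspx")]
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))


def looks_binary(body: bytes) -> bool:
    """Heuristic: PE header, embedded NULs, or a high share of non-printable bytes."""
    if body.startswith(PE_MAGIC) or b"\x00" in body:
        return True
    sample = body[:512]
    if not sample:
        return False
    nonprintable = sum(1 for b in sample if (b < 0x20 and b not in (9, 10, 13)) or b > 0x7E)
    return nonprintable / len(sample) > 0.3


def classify(status: int, content_type: str, body: bytes) -> str:
    """Label one response to an extension-stripped URL."""
    if status == 404:
        return "ok-404"            # the expected result on a healthy IIS/URLScan setup
    if status in (301, 302, 303, 307, 308):
        return "redirect"          # e.g. bounced back to the login page; not a leak by itself
    if status == 200 and (content_type.startswith("application/octet-stream") or looks_binary(body)):
        return "LEAK"              # a binary came back where a 404 was expected
    if status == 200:
        return "served-text"       # extensionless mapping handled it; worth reviewing, not a leak
    return f"status-{status}"


def audit(responses: dict) -> list:
    """responses maps a stripped URL to (status, content_type, body); returns leaking URLs."""
    leaks = []
    for url, (status, ctype, body) in responses.items():
        verdict = classify(status, ctype, body)
        print(f"{verdict:12s} {url}")
        if verdict == "LEAK":
            leaks.append(url)
    return leaks


# Constructed sample capture (hypothetical host and bodies, for illustration only).
SAMPLE_RESPONSES = {
    strip_aspx("https://www.example.test/app/login.aspx"):
        (404, "text/html", b"<html><body>The page cannot be found</body></html>"),
    strip_aspx("https://www.example.test/app/account.aspx"):
        (302, "text/html", b""),
    strip_aspx("https://www.example.test/app/report.aspx?id=7"):
        (200, "application/octet-stream", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"),
}

if __name__ == "__main__":
    found = audit(SAMPLE_RESPONSES)
    print("leaking URLs:", found)
```

Run it against a real capture by replacing SAMPLE_RESPONSES with the tuples your proxy recorded; a "LEAK" on any URL is the evidence to hand back to the consultant, and a "served-text" result is worth checking too, since it means something other than a 404 handler answered the extensionless path.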