Re: are my binaries being exposed on my ASP.NET website?

• Previous message: Olaf Kilian: "Re: local admin account password"
• Maybe in reply to: ed.devlin_at_detica.com: "are my binaries being exposed on my ASP.NET website?"
• Next in thread: Jimi Thompson: "Re: are my binaries being exposed on my ASP.NET website?"
• Reply: Jimi Thompson: "Re: are my binaries being exposed on my ASP.NET website?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Ed Devlin" <Ed.devlin@detica.com>, <focus-ms@securityfocus.com>
Date: Wed, 26 Nov 2003 07:25:58 -0800

RE: are my binaries being exposed on my ASP.NET website?Sorry, I missed
that-- when I read "remove the extension" my brain said "rename file." The
consultant is reporting that all he does is remove the extension from the
URL and he gets the binary files? Yet you can't reporduce it? Similar to the
old :DATA bug?

I think it is time you use the two words consultants just love to here:
"Show me."

t

----- Original Message -----
From: Ed Devlin
To: 'Thor' ; focus-ms@securityfocus.com
Sent: Wednesday, November 26, 2003 3:35 AM
Subject: RE: are my binaries being exposed on my ASP.NET website?

Thanks for your response. I agree that WebDAV is a bit naughty, from a
security point of view, and file renaming could be used to fool the ISAPI
extensions.
But the technique that our consultant is using does not require any renaming
of files using WebDAV. The attack is simply to issue a request for a page
without its .aspx extension, when logged into the public-facing website.
As I said, I can't reproduce it. I just wondered if anyone else had
seen/heard of something like this....
Ed

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Olaf Kilian: "Re: local admin account password"
• Maybe in reply to: ed.devlin_at_detica.com: "are my binaries being exposed on my ASP.NET website?"
• Next in thread: Jimi Thompson: "Re: are my binaries being exposed on my ASP.NET website?"
• Reply: Jimi Thompson: "Re: are my binaries being exposed on my ASP.NET website?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]