IIS Virtual Directory Hacks
- From: "jonathan haughey" <jonathan.haughey@xxxxxxxxxxxxxxx>
- Date: Mon, 22 May 2006 12:02:38 +0100
I am publishing a web application in asp that will allow my users to access
a sql database, each user will have a virtual directory that will give them
an interface to access their respective database.
My worry is that they will be able to access each others virtual directories
and hence modify the respective database.
I want to test the application and ensure that users cannot access each
others virtual directories and databases.
I have already tested that they cannot insert the name of another users
virtual directory followed by a file name, that they can find out from their
own virtual directory.
The users have no access to the IIS server apart from via their Virtual
directory. I need to secure this application and make it water tight.
I am looking for some suggestions for how to possibly hack another users
virtual directory.
Any help here would be greatly appreciated.
Many thanks in advance.
.
- Follow-Ups:
- Re: IIS Virtual Directory Hacks
- From: Jeff Cochran
- Re: IIS Virtual Directory Hacks
- Prev by Date: Re: Service principal name (SPN) / Active Directory Problem
- Next by Date: Re: IIS Virtual Directory Hacks
- Previous by thread: Re: One Domain with 2 websites and 2 SSL Certs
- Next by thread: Re: IIS Virtual Directory Hacks
- Index(es):
Relevant Pages
|
|
