[Chaos CD]
[Datenschleuder] [70]    CRD: Which number ASP security hole is this?!

 

CRD: Which number ASP security hole is this?!

Active Server Pages (ASP) scripts with runtime errors expose a security hole that discloses the full path and file name of the source code to the caller. If these scripts are published on the internet before the programmer has debugged them, the major search engines index them. These indexed ASP pages can then be located with a simple search. The search results show the full path and file name of the ASP scripts. This URL can be viewed in a browser and may reveal the full source code, with details of business logic, database location and structure.

In the AltaVista search engine, execute a search for +"Microsoft VBScript runtime error" +".inc, ". Look for search results that include the full path and filename for an include (.inc) file. Append the include filename to the host name and call this up in a web browser. <tom>

Source: http://www.jwsg.com
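To check your own web root for the exposure described above, the following added example (not part of the original article) lists include files that ASP pages reference and that a direct request would return as plain source. It assumes that only `.asp` is mapped to the script engine; `SAMPLE_SITE`, `write_site` and all file names are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are handed to the ASP script engine;
# every other file under the web root is returned to the client verbatim.
SCRIPT_EXTS = (".asp",)
# <!-- #include file="x.inc" -->  or  <!-- #include virtual="/inc/x.inc" -->
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)
# Constructed sample site (hypothetical file names and contents).
SAMPLE_SITE = {
    "default.asp": '<!--#include virtual="/inc/common.asp"-->',
    "admin/page.asp": '<!-- #include file="..\\inc\\db.inc" -->',
    "inc/db.inc": "' constructed connection settings",
    "inc/common.asp": "<% ' constructed shared code %>",
}


def exposed_includes(webroot):
    """URL paths of include files a direct request would return as source."""
    webroot, found = os.path.realpath(webroot), set()
    for dirpath, _dirs, files in os.walk(webroot):
        for name in (f for f in files if f.lower().endswith(SCRIPT_EXTS)):
            with open(os.path.join(dirpath, name), encoding="latin-1") as fh:
                page = fh.read()
            for kind, target in INCLUDE_RE.findall(page):
                target = target.replace("\\", "/")
                if kind.lower() == "virtual":   # relative to the site root
                    path = os.path.join(webroot, target.lstrip("/"))
                else:                           # relative to the including page
                    path = os.path.join(dirpath, target)
                path = os.path.realpath(path)
                inside = os.path.commonpath([webroot, path]) == webroot
                served_raw = not path.lower().endswith(SCRIPT_EXTS)
                if inside and served_raw and os.path.isfile(path):
                    rel = os.path.relpath(path, webroot)
                    found.add("/" + rel.replace(os.sep, "/"))
    return sorted(found)


def write_site(files):
    root = os.path.join(tempfile.mkdtemp(), "wwwroot")
    for rel, text in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w", encoding="latin-1") as fh:
            fh.write(text)
    return root
```

Any path it reports should be renamed to a script extension, moved out of the web root, or blocked from direct requests.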

 
