2004 - 1,967 views,

Summary: A gaping hole has just been discovered in Microsoft's ASP.NET product, which allows access to password protected areas of a website just be altering the URL for access. According to an article published by Netcraft today, the issue involves "a bug in ASP.NET's handling ...

Previous Article « Make Your C*ck a Hammer (Spamusement Cartoon)
Read Next Article » Vote for Whomever You Want - But Don’t Take This Poll!

ORDER YOUR POPCORN TODAY AND HELP US MAKE OUR GOAL!

A gaping hole has just been discovered in Microsoft’s ASP.NET product, which allows access to password protected areas of a website just be altering the URL for access.

According to an article published by Netcraft today, the issue involves “a bug in ASP.NET’s handling of URLs, known as “canonicalization.” If a visitor to an ASP.NET site substitutes ” or ‘%5C’ for the ‘/’ character in the URL, they may be able to bypass password login screens. The technique may also work if a space is subsituted for the slash”

While there is no fix available yet, Microsoft is offering guidance on how to deal with the issue here.

You can read more about this here.

Previous Article « Make Your C*ck a Hammer (Spamusement Cartoon)
Read Next Article » Vote for Whomever You Want - But Don’t Take This Poll!

Email the link for this page to a friend!

» Security Hole in Microsoft Excel

» Microsoft WMF Patch for Windows Metafile (WMF) Issue Released Early - Get It Now!

» Security Hole in Word Allows Attack Through Email with Ginwui.a Trojan

For additional similar stories check out our archives on Everything Else

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About

About TIP

About Anne

Follow Anne On:

Twitter
Linked In
Facebook
MySpace

Read The Internet Patrol on Your Kindle here!

(Don't have a Kindle? Read about and get one here.)

Categories

Amazon
AOL
Apple & Mac
Around the World
Bargains
Bluetooth
Boneheads
Books
Cell Phones
eBay
Email
Email Hosting
Everything Else
facebook
File Sharing & P2P
Gaming
Good Guys
Google
Gotchas
GPS
Hacking
Handhelds & PDAs
Identity Theft
Instant Messengers
Internet Explorer
Internet Law
Internet Marketing
Internet Providers
Internet Television
Internet Video
iPods & MP3
Just Plain Wrong
Microsoft
Music Download
MySpace
Oddities
Online Dating
Over 18
Paypal
Phishing
Pirates
Podcasting
Privacy
Reviews
RFID
Scams
Security
Sidekicks
sms
Social Networking
Society
Spam
Spam Blockers
Spam Whacks
Spyware & Adware
text messaging
Tivo & ReplayTV
Useful & Fun Stuff
Video Downloads
Virus & AntiVirus
VoIP
What Do You Think?
Windows
Wireless Wifi
Worms
Yahoo

Get a FREE summary of the week's articles every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!

Last 3 Articles

New Email Scam Includes Passport Picture and More
Chinese Government Eavesdropping on and Intercepting Skype Text Messages and Chat
Order Boy Scout Popcorn Tins Online! Get Gourmet Popcorn Gift Tins, or Even Donate Popcorn Gifts to the Troops, All from the Comfort of Your Computer

Recent Comments to Our Articles

→ Says carlos posada: BRITISH NATIONAL LOTTERY HEADQUARTERS:28 TAN FIELD ROAD,CROYDON, LONDON.CUSTOMER SERVICERef: UK/940X2/68 Dear Winner, We are pleased to inform you of the final announcement of read

→ Says Charli: Yes the shipper must collect the insurance but and this is a big but, if they keep the money and don't replace the item you read

→ Says apollinaire: je viens de recevoir le pareil message comme mes prédécésseur,ce sont des arnaqueurs! read

→ Says Chris: Just got this aboute the MYSPACE INTERNATIONAL LOTTERY INC: MYSPACE INTERNATIONAL LOTTERY INC SPACE HOUSE, Plot 24 Bachelors Lane, Green shire, New Castle Nez 4PP-England +447026545163 Date:03/10/2008 Ref:06/8755412/2008 Batch no;987644329/654 WINNING NO: WFD 6540089 GILI It read

→ Says morsli boubakeur: Name:Morsli Boubakeur Address: 02 cite 25 l.s.p sidi ali benyoub Age:: 18/081979 in sidi belabbess Occupation:cartographe Phone no:+213(0)40408293 Contry : Algeria Bank Name:Bank B.E A OF ALGERIA Bank Address:25 read

→ Says locksalish: Does anyone else think the Refer-a-Friend bonuses being given out are (in-part) a means to get low level players leveled up in time for WotLK? read

→ Says RAM CHANDRA HALDER: i get a mail n agents contact no. +8613710975323. read

→ Says tom: very good review, it help me...I'm an old man with a sidekick bonding with my song read

→ Says Alex G. Bell :): Mods, here like the last word, she banned me, I banned her from my inbox, she was continually going on and on with her power read

→ Says PoorFreeCycle: Interesting that I search the internet about FreeCycle complaints about moderators, and this page talks about the same moderator/dictator at the San Jose group. The read

→ Says rahul: i want to know the phone number 380933542464 read