A gaping hole has just been discovered in Microsoft’s ASP.NET product, which allows access to password-protected areas of a website just by altering the URL used for access.
According to an article published by Netcraft today, the issue involves “a bug in ASP.NET’s handling of URLs, known as “canonicalization.” If a visitor to an ASP.NET site substitutes ‘\’ or ‘%5C’ for the ‘/’ character in the URL, they may be able to bypass password login screens. The technique may also work if a space is substituted for the slash.”
You can read more about this here.
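For defenders reviewing web server logs, the following added example (not from Netcraft or Microsoft) flags requests that reach a protected directory only after the substitutions named above are canonicalized. The protected prefixes, the log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: directories that require a login on the monitored site.
PROTECTED_PREFIXES = ("/secure/", "/admin/")

# Assumption: Common Log Format style request field, e.g. "GET /path HTTP/1.1" 200
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<path>.+) HTTP/[\d.]+" (?P<status>\d{3})')

def canonical(path):
    """Decode percent-escapes, then treat backslash and space as '/'
    (the substitutions named in the report) and collapse repeats."""
    decoded = unquote(path.split("?", 1)[0])
    return re.sub(r"[\\ /]+", "/", decoded).lower()

def is_suspicious(path):
    """True when the path falls under a protected prefix only after
    canonicalization, so a literal prefix check would have missed it."""
    raw = path.split("?", 1)[0].lower()
    return (canonical(path).startswith(PROTECTED_PREFIXES)
            and not raw.startswith(PROTECTED_PREFIXES))

def scan(lines):
    """Return (path, status) for every flagged request line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_suspicious(m["path"]):
            hits.append((m["path"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /secure/default.aspx HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /secure%5Cdefault.aspx HTTP/1.1" 200 4211',
    r'192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /secure\default.aspx HTTP/1.1" 200 4211',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /secure default.aspx HTTP/1.1" 200 4211',
    '192.0.2.13 - - [01/Jan/2024:10:00:20 +0000] "GET /docs/annual%20report.pdf HTTP/1.1" 200 88123',
]

if __name__ == "__main__":
    for path, status in scan(SAMPLE_LOG):
        print(f"review: {path!r} returned {status}")
```

A flagged request that returned 200 rather than a redirect to the login page is the case worth investigating first.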