Gaping Security Hole a Pain in the ASP

The Internet Patrol - Patrolling the Internet for You

A gaping hole has just been discovered in Microsoft’s ASP.NET product, which allows access to password-protected areas of a website just by altering the URL used for access.

According to an article published by Netcraft today, the issue involves “a bug in ASP.NET’s handling of URLs, known as ‘canonicalization.’ If a visitor to an ASP.NET site substitutes ‘\’ or ‘%5C’ for the ‘/’ character in the URL, they may be able to bypass password login screens. The technique may also work if a space is substituted for the slash.”

You can read more about this here.
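
A defender-side check for the request shapes described above, as an added example that is not from this article, Netcraft, or Microsoft: it scans web access-log lines for a backslash, `%5C`, or a space in the URL path. The log format, the `/secure/` paths, and every sample line are constructed for illustration; the bounded repeated decoding (which also surfaces double encoding such as `%255C`) goes beyond what the article states.

```python
import re
from urllib.parse import unquote

# Request field of a common-log-style line; the target may contain a raw space.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+) HTTP/\d\.\d" (?P<status>\d{3})')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly (bounded) so %5C and %255C both become a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def path_findings(target):
    """Return the reasons the path part of a request target looks non-canonical."""
    raw_path = target.split("?", 1)[0]   # only the path matters, not the query string
    path = decode_fully(raw_path)
    findings = []
    if "\\" in path:
        findings.append("backslash in path")
    if " " in path:
        # Spaces can be legitimate in file names, so review these rather than auto-block.
        findings.append("space in path")
    return findings

def scan(log_lines):
    """Return (line_number, target, status, findings) for every flagged request."""
    flagged = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and (findings := path_findings(match["target"])):
            flagged.append((number, match["target"], int(match["status"]), findings))
    return flagged

# Constructed sample log lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /secure/admin.aspx HTTP/1.1" 302',
    r'192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /secure\admin.aspx HTTP/1.1" 200',
    r'192.0.2.11 - - [01/Jan/2000:10:00:09 +0000] "GET /secure%5Cadmin.aspx HTTP/1.1" 200',
    r'192.0.2.12 - - [01/Jan/2000:10:00:12 +0000] "GET /secure%255cadmin.aspx HTTP/1.1" 404',
    r'192.0.2.13 - - [01/Jan/2000:10:00:20 +0000] "GET /secure admin.aspx HTTP/1.1" 200',
    r'192.0.2.14 - - [01/Jan/2000:10:00:31 +0000] "GET /default.aspx?next=%5Chome HTTP/1.1" 200',
]

if __name__ == "__main__":
    for number, target, status, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {target!r} -> HTTP {status}: {', '.join(findings)}")
```

A flagged request that returned 200 for a path that normally redirects to a login page is the case to investigate first.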
