Gaping Security Hole a Pain in the ASP

The Internet Patrol default featured image
Share the knowledge

A gaping hole has just been discovered in Microsoft’s ASP.NET product, which allows access to password protected areas of a website just be altering the URL for access.

According to an article published by Netcraft today, the issue involves “a bug in ASP.NET’s handling of URLs, known as “canonicalization.” If a visitor to an ASP.NET site substitutes ” or ‘%5C’ for the ‘/’ character in the URL, they may be able to bypass password login screens. The technique may also work if a space is subsituted for the slash”

You can read more about this here.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.