Comment Re:"no security hole exists" (Score 1) 176
There is definitely a security hole here. I don't
care who says there is not. I went to bugtraq,
d/l'ed the exploit perl script and ran it against
my work web server specifiying an .asp page as the
argument and it displayed the entire .asp page
with all scripts visible. If there had been
connection strings (ie for database connectivity)
they *would* have been visible to me. This is
*definitely* a security hole!!! I have since
deleted the .dll file at fault and the exploit
no longer works....
-=] Stardrake [=-
care who says there is not. I went to bugtraq,
d/l'ed the exploit perl script and ran it against
my work web server specifiying an
argument and it displayed the entire
with all scripts visible. If there had been
connection strings (ie for database connectivity)
they *would* have been visible to me. This is
*definitely* a security hole!!! I have since
deleted the
no longer works....
-=] Stardrake [=-
