-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wouldn't it be fairer to say that badly implemented security is dangerous
if/when it sends passwords in plaintext, therefore allowing them to be
sniffed...
In a perfect world sniffers would be useless as password capture tools since
all secure traff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
isn't the simplest way just to have an ASP page check the session
variables and then (based on HTTP_REFERER) serve either the correct
image or some other resource if this being linked from outside your
site?
the only real problem here is that the s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -Original Message-
From: Greg Ardpic [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2001 14:41
To: [EMAIL PROTECTED]
Subject: path disclosure
Hello
A friend of mine said that my IIS server has path disclosure
vulnerability. So i wonder
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Personally when trying to disect a troublesome POST form I;
copy the html page with the form in to the local system
modify the form's action to http://localhost:81/x.asp
use netcat to listen on port 81 of localhost
load the local copy of the pag