Mailinglisten-Archive |
Sorry für die volle Übernahme, es wird aber sicher einige interessieren. Ciao, erich ____________________________ "Joshua J. Drake" wrote: > > The following is also true for PHP. Naming PHP include files .inc gives > anyone full-read access to the files by simply requesting them by name. > > The solution of course is to do one of the following: > > a. name php include files with a PHP extension (.php, .php3, etc) that is > associated with PHP parsing them > b. associate .inc files with PHP so that they are parsed and not displayed > > > It has been preached by the ASP industry professionals for as long as I've > > been in it, that ALL included files MUST have a ".asp" extension and that > > ASP debugging should be disabled on all production servers in order to keep > > all code out of evil hands. > > > > The problem here is 100% between the chair and the keyboard. > > > > -----Original Message----- > > From: bgreenbaum_(at)_SECURITYFOCUS.COM [mailto:bgreenbaum_(at)_SECURITYFOCUS.COM] > > Sent: Wednesday, February 09, 2000 7:22 PM > > To: BUGTRAQ_(at)_SECURITYFOCUS.COM > > Subject: ASP Security Hole (fwd) > > > > Forwarded with permission of the author. Please direct all replies to > > jwalsh_(at)_jwsg.com. > > > > Ben Greenbaum > > Director of Site Content > > Security Focus > > http://www.securityfocus.com > > > > ---------- Forwarded message ---------- > > Description: > > ============ > > Active server pages (ASP) with runtime errors > > expose a security hole that publishes > > the full source code name to the caller. > > If these scripts are published on the > > internet before they are debugged by > > the programmer, the major search > > engines index them. These indexed > > ASP pages can be then located with a > > simple search. The search results publish > > the full path and file name for the ASP > > scripts. This URL can be viewed in a browser > > and may reveal full source code with > > details of business logic, database location > > and structure. > > > > Procedure: > > ========== > > - In the Altavisa search engine execute a search for > > +"Microsoft VBScript runtime error" +".inc, " > > > > - Look for search results that include the full > > path and filename for an include (.inc) file. > > > > - Append the include filename to the host name > > and call this up in a web browser. > > Example: www.rodney.com/stationery/browser.inc > > > > Examples: > > ========= > > http://shopping.altavista.com/inc/lib/prep.lib > > Exposes database connections and properties, resource locations, > > cookie logic, server IP addresses, business logic > > > > http://www.justshop.com/SFLib/ship.inc > > Exposes database properties, business logic > > > > http://www.bbclub.com:8013/includes/general.inc > > Exposes cobranding business logic > > > > http://www.salest.com/corporate/admin/include/jobs.inc > > Exposes datafile locations and structure > > > > http://www.bjsbabes.com/SFLib/design.inc > > Exposes source code for StoreFront 2000 including > > database structure > > > > http://www.ffg.com/scripts/IsSearchEngine.inc > > Exposes search engine log > > > > http://www.wcastl.com/include/functions.inc > > Exposes members email addresses and > > private comments file http://www.wcastl.com/flat/comments.txt > > > > http://www.traveler.net/two/cookies.inc > > Exposes cookie logic > > > > Resolution: > > =========== > > > > - Search engines should not index pages that > > have ASP runtime errors. > > > > - Programmers should fully debug their ASP > > scripts before publishing them on the web > > > > - Security administrators need to secure > > the ASP include files so that external users > > can not view them. > > > > > > > > > > =========================== > > Jerry Walsh > > JW's Software Gems > > Email jwalsh_(at)_jwsg.com > > Phone (949) 855-0233 > > Website http://www.jwsg.com > > =========================== > > -- * Erich Schneeweiss mailto:eschneew_(at)_paedak-krems.ac.at * Administrator of paedak-krems.ac.at * PA Krems Dr. Gschmeidler Str. 22-30 A - 3500 Krems * Tel: +43-2732-83591 Fax: +43-2732-83591-71
php::bar PHP Wiki - Listenarchive