Geeks With Blogs
Nat Luengnaruemitchai Geek Blog

As you guys might hear about ASP.NET Vulnerability previously, you might wonder how to workaround it. In the meantime while waiting for the patch, Microsoft recommended a strategy to workaround ASP.NET Vulnerability in its authentication system by adding the following code:

<script language="C#" runat="server">
void Application_BeginRequest(object source, EventArgs e) {
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
        throw new HttpException(404, "not found");
    }
}
</script>

as appeared in KB887459

 

Posted on Wednesday, October 6, 2004 7:53 AM | Back to top


Comments on this post: ASP.NET Vulnerability

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability
Requesting Gravatar...
The hills are alive with the sound of music KB links echoed through blogosphere. As reported here here here here here here here here here here (and too many other places to mention), MS has released a bulletin regarding this vulnerability. If you want to correct the problem, you should add the code from KB article 887459 to your Global.asax (or Global.asax.cs or Global.asax.vb, as the case may be). I still recommend using more fine-grained security checks on each page like I mentioned earlier and that you run URLScan and IISLockdown (if you can). Or upgrade to IIS 6. Better yet, do all of the above.
Left by Sirsha Development Resources Blo on Oct 06, 2004 12:35 PM

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability
Requesting Gravatar...
The hills are alive with the sound of music KB links echoed through blogosphere. As reported here here here here here here here here here here (and too many other places to mention), MS has released a bulletin regarding this vulnerability. If you want to correct the problem, you should add the code from KB article 887459 to your Global.asax (or Global.asax.cs or Global.asax.vb, as the case may be). I still recommend using more fine-grained security checks on each page like I mentioned earlier
Left by Sirsha Development Resources Blo on Mar 12, 2005 5:40 PM

Your comment:
 (will show your gravatar)


Copyright © Nat Luengnaruemitchai | Powered by: GeeksWithBlogs.net