Understanding the ASP.NET Vulnerability
And demonstrated on YouTube here:
POET vs ASP.NET: DotNetNuke
It appears that the key is a statement in the ASP.NET web.config file that sets CustomErrors="Off". You can read the Microsoft Advisory explaining what causes the problem, so I won't reiterate that here. I'm a little concerned because I only have shared hosting. Mine is set to CustomErrors="Remote", which apparently makes it secure, but the person who posted the video seems to feel the setting is "_irrelevant_" (his usage). In any case, hopefully my hosting provider runs the script Microsoft provided to fix the setting in web.config files. The Microsoft advisory posting has a lengthy VBScript script IIS admins can run to fix the issue. The bored script kiddies of the world with nothing better to do this weekend are probably all trying to get the exploit as I type...
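Anyone who can download a copy of their own web.config can check the setting directly. The sketch below is an added example, not Microsoft's advisory script or code from this post: it reports the `mode` attribute of every `<customErrors>` element, at the application root and inside `<location>` blocks, flagging `Off` and any value other than `On`, `Off` or `RemoteOnly`. The function names and the sample config are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

VALID_MODES = {"On", "Off", "RemoteOnly"}  # the three values ASP.NET accepts
DEFAULT_MODE = "RemoteOnly"                # used when the mode attribute is omitted

def audit_custom_errors(config_xml):
    """Return [(scope, mode, verdict)] for one web.config document."""
    root = ET.fromstring(config_xml)
    for el in root.iter():                 # drop any XML namespace prefix on tags
        el.tag = el.tag.split("}", 1)[-1]
    findings = []
    # customErrors can be set for the whole app or per <location path="...">
    scopes = [("(app root)", root)]
    scopes += [(loc.get("path", "."), loc) for loc in root.iter("location")]
    for scope, node in scopes:
        elem = node.find("system.web/customErrors")
        if elem is None:
            if node is root:               # nothing set here: parent config applies
                findings.append((scope, None, "inherited"))
            continue
        mode = elem.get("mode", DEFAULT_MODE)
        if mode == "Off":
            verdict = "flag"               # detailed errors go to every client
        elif mode in VALID_MODES:
            verdict = "ok"
        else:
            verdict = "invalid"            # e.g. a misspelt mode value
        findings.append((scope, mode, verdict))
    return findings

def scan_tree(top):
    """Audit every web.config under a directory, e.g. a downloaded site copy."""
    results = {}
    for folder, _dirs, files in os.walk(top):
        for name in files:
            if name.lower() == "web.config":
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    results[path] = audit_custom_errors(fh.read())
    return results

# Constructed sample, not taken from any real site
SAMPLE = """<configuration>
  <system.web><customErrors mode="RemoteOnly" defaultRedirect="~/error.aspx" /></system.web>
  <location path="admin">
    <system.web><customErrors mode="Off" /></system.web>
  </location>
</configuration>"""

if __name__ == "__main__":
    for finding in audit_custom_errors(SAMPLE):
        print(finding)
```

An "inherited" result means the file sets nothing itself, so the effective value comes from a parent configuration file that this check cannot see.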
About The Author
Ron Grove draws on over ten years of training, network administration and development experience. He loves to work with new technology and see how that technology can be best utilized by his clients. You can find him through RonGrove.com or through his company Evanoah I/T Services.