Comments on Stupid Coding Tricks: My workaround for the ASP.Net Vulnerability

Sinelogix, 2013-10-09T22:45:42.597-07:00
Wow really good post

Daniel, 2010-09-22T08:38:15.482-07:00
I got it doing filtering (http://stupidcodingtricks.blogspot.com/2010/09/blocking-requests-to-sensitive-files-eg.html). It's still a hack, and if we don't get a proper fix from MS by the weekend I'll add some polish and put it on CodePlex.

Daniel, 2010-09-21T07:29:58.175-07:00
Adding some filtering would be a good idea, but poking around the HttpContext and the Response I don't see any clues as to what file/resource it's returning. The request string is only cypher text, which more than likely contains the resource that is being requested. I'm not exactly sure how to decrypt it without specifying a machine key in the web.conf file, which seems like a bad idea.

I'm more of a client side developer than an ASP.Net developer so it's possible I'm missing something obvious here.

Anonymous, 2010-09-20T15:54:34.243-07:00
Nicely done.
It would be nice to also somehow restrict what files are accessible through WebResource.axd either by having a white-list in web.config, or having a white-list of extensions, or at least black-listing the obvious things like web.config, or limiting it based on the ACL of the requested file.