The security hole involves a bug in ASP.NET's handling of URLs, known as "canonicalization." If a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass password login screens. The technique may also work if a space is subsituted for the slash. Security researchers say the bug operates differently in Mozilla browsers and Internet Explorer.
asp.net hole
- Thread starter posol
- Start date
- Replies 23
- Views 1K
We may earn a small commission from affiliate links and paid advertisements. Terms
nope but i sure as hell dont know what you just said either....LOL
Yeah... Mozilla has issues interpreting the links in my web page code- it turns the "/" into "%5C" or something and fails to go to the next page.
:toilet: 
corvetteguy
Senior Member
Bri what was that string again
' or 1=1 __
' or 1=1 __
you can only imagine me and B's situation.. coding in ASP and ASP.net then coding all our freelance in PHP
it's night and day.. B you ever fuck with CF? i took a advanced SQL class at EEI, chick was using CF to run their SQL queries cuase they were too damn cheap to buy SQL server.
shit is so easy.. does all the compiling work on it's own
it's night and day.. B you ever fuck with CF? i took a advanced SQL class at EEI, chick was using CF to run their SQL queries cuase they were too damn cheap to buy SQL server.
shit is so easy.. does all the compiling work on it's own
no, it wasn't in the commenting. and it was php.
how it works is, say you have a username and password field. you put in the username, and for password you put ' OR 1=1.
what this does, is the single ' ends the text for the password, then puts in another where clause, OR 1=1, making it always true, which would return that row.
how it works is, say you have a username and password field. you put in the username, and for password you put ' OR 1=1.
what this does, is the single ' ends the text for the password, then puts in another where clause, OR 1=1, making it always true, which would return that row.
i hate cfm. i hate tag-based shit. i hate asp.net.
i code in normal asp all day, but its really not so much asp as it is sql coding and making sp's and views and such...
home, its all php.
and the office is SLOOWLY heading my php word, and we are slowing started to move some things to php.
Cashizslick
!i!i!i!i!i!i!i!i!i!i!i!
Originally posted by B16@Oct 8 2004, 01:35 PM
no, it wasn't in the commenting. and it was php.
how it works is, say you have a username and password field. you put in the username, and for password you put ' OR 1=1.
what this does, is the single ' ends the text for the password, then puts in another where clause, OR 1=1, making it always true, which would return that row.
[post=400099]Quoted post[/post]
yes, yes it was. and it was def asp.
vette guy used to work with me, and we did it at night hacvking into asp sites. he can back me up on this.
' is NOT a comment in php.
the reason it worked was, when you entered that string as the password with any username, it would compile like this...
select * from users where username = 'anynamehere' AND password = '' OR 1=1 --
which, as you can see, the password will ALWAYS be true- so, all you needed was the name of the administrator and you could log yourself in as the admin.
the -- is a sql comment, which will stop the rest of the line from compiling in the stored procedure.
B16, try again