Heybo Blog

If you look at me when I'm talking, you'll see what I'm saying ... about Tech and .NET discoveries!

My Links

News

Story Categories

Archives

Post Categories

Image Galleries

Login

Blog Stats

Links

Personal Websites

UrlAuthorization vulnerability in ASP.NET

If you are relying on <authorization> sections in subdirectories (or via <location> in your web.config files), you should be aware of a canonicalization bug in ASP.NET that can allow an attacker to slip past the UrlAuthorizationModule by using a backslash instead of a forward slash. For more details, look here at Keith Brown's Security Briefs Blog article.

posted on Thursday, October 07, 2004 4:48 AM

Feedback

No comments posted yet
Title  
Name  
Url
Comments   
Protected by Clearscreen.SharpHIPEnter the code you see: