Home page logo
/

basics logo Security Basics mailing list archives

RE: ASP trouble with IIS 6.0 security
From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Thu, 29 Apr 2004 09:01:42 +0100

Humm... I was using the "include file" instead of the other one, so I will try it, cheers!

The trouble I had was just sometimes and random: browsing on my website, a page displayed without any problem will not 
be displayed coming back to it after browsing other pages! Sometimes an ASP page with some HTML code in it gets me an 
"HTTP 500 error", sometimes a raw ASP (reading some intputs and redirecting to another pages according to these inputs) 
script gets stuck without being processed...

With Mozzila, I had really less trouble, maybe IIS 6 is bugged, I do not know...that's a trouble as for debugging I 
take out every security option...so I am afraid when I will be hardening the web server! :(


-----Message d'origine-----
De : Noah [mailto:noahc () ruraltel net] 
Envoyé : mercredi 28 avril 2004 19:55
À : Bénoni MARTIN
Cc : security-basics () securityfocus com
Objet : Re: ASP trouble with IIS 6.0 security

This may be completely off but have you looked at your includes or does it
make reference to them in the server error you get? Alot of issues with
design of include functions that worked in IIS5 but not in IIS6.
Example

<!--#include file="../../includes/home_sidebar_inc.asp" -->
will work in IIS5

for IIS 6 you must make it virtual
<!--#include virtual="/includes/home_sidebar_inc.asp" -->



Noah Welshans
Nex-tech Internet Solutions
www.nex-tech.com

----- Original Message ----- 
From: "Bénoni MARTIN" <Benoni.MARTIN () libertis ga>
To: <security-basics () securityfocus com>
Sent: Wednesday, April 28, 2004 10:02 AM
Subject: ASP trouble with IIS 6.0 security



Hi community,

I am running IIS 6.0 under a W2K3 box, and most of my web pages have been
written in ASP with Dreamweaver 2004 (I don't think this is really
important, but...). Some of my ASP pages run into trouble: sometimes they
are displayed in the right way, but sometimes they create a "NTTP 500 -
Internal error". Looking around the web, seems to me I am not the only one
to face this trouble, but no solution has been found...

Seems also that a new security feature in IIS 6.0 performs this, but which
one??? I just cannot set up a Linux box with Apache as I have an SQL Server
2000...

What can I do? Get back to IIS 5.x does not seems to be a good idea...

Any idea will be welcomed!

Cheers!


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault