"ASP.NET_SessionId" "data source="

  • 日期:2004-07-26
  • 类别:
  • 作者:anonymous
  • 语法:"ASP.NET_SessionId" "data source="
  • .NET pages revealing their datasource and sometimes the authentication credentials with it. The complete debug line looks something like this for example:strConn System.String Provider=sqloledb;Network Library=DBMSSOCN;Data Source=ch-sql-91;Initial Catalog=DBLive;User Id=login-orsearch;Password=0aX(v5~di)>S$+*For quick fun an attacker could modify this search to find those who use Microsoft Access as their storage: It will not suprise the experienced security digger that these files are often in a downloadeble location on the server.