Google Search: “ASP.NET_SessionId” “data source=”
murfie rates this entry 2 out of 10.
Submitted: 2004-07-26 08:18:55
Added by: murfie
.NET pages revealing their datasource and sometimes the authentication credentials with it. The complete debug line looks something like this for example:strConn System.String Provider=sqloledb;Network Library=DBMSSOCN;Data Source=ch-sql-91;Initial Catalog=DBLive;User Id=login-orsearch;Password=0aX(v5~di)>S$+*For quick fun an attacker could modify this search to find those who use Microsoft Access as their storage: <"ASP.NET_SessionId" "data source=" *.mdb> It will not suprise the experienced security digger that these files are often in a downloadeble location on the server.