Digit-Labs Security Advisory - Microsoft Visual Studio .NET on all VS.NET platforms creates a file called *.vbproj in the Web root directory which reveals the web site file structure.
5e23baba88cdc73cc30dbc3a80d757303ef3061270ab40c1edfd68b399e7b62e
Here is our latest advisory, a copy is also on our web
http://www.digit-labs.org/ .
-Greetings from GoLLuM.no
-------------------------------------------------------------------
** Digit-Labs Security Advisory (http://www.digit-labs.org/) **
Advisory Name: VS.net Web Project file reveals Website structure
Release Date: 22.Aug-2002
Application: Microsoft Visual Studio .NET
Platform: All supporting VS.NET
Severity: Low
Author(s): GoLLuM.no [mailto:gollum@digit-labs.org]
Vendor Status: Unknown
Description:
When creating a new Web project Microsoft Visual Studio creates a
file called *.vbproj
in the Web root directory. This file contains the filenames of all
the files in the
project, thus revealing the Web site file-structure.
The name of the project is the same as the name of the *.vbproj
file, thus if your
project is named "myproj" your Web project file is
named "myproj.vbproj".
Access to this Web project file would then be through
http://target/myproj.vbproj,
often you will see that the virtual directories and the project
name is the same,
ex. http://target/newproject/newproject.vbproj .
Example of Web project content:
...
<Files>
<Include>
<File Relpath="index.asp" Buildaction="Content"/>
<File Relpath="authenticate.asp" Buildaction="Content"/>
<File Relpath="script/authenticate.inc" Buildaction="Content"/>
<File Relpath="script/accessgranted.inc" Buildaction="Content"/>
</Include>
</Files>
...
________________________________________________________________
Get your own evilemail.com address at http://www.evilemail.com