Monthly Archives: October 2004

OWASP-DOTNET Blog

I am proud to announce that we (my company ERNW) are hosting the blog of dinis cruz. This is the official OWASP-DOTNET blog – dedicated to .NET Security in general, and ASP.NET Security and Full Trust in particular. subscribed!  

Posted in Uncategorized | Leave a comment

Go to Definition in VS.NET 2005

I wanted to start a debug session and hit by accident F12 in VS.NET 2005 – a new tab opened up and showed me a C# class called String with the stubs of every public member of the System.String class + … Continue reading

Posted in Uncategorized | Leave a comment

The official Word on the ASP.NET Vulnerability

MS says: http://www.microsoft.com/security/incident/aspnet.mspx UPDATEThough we could not reproduce it – Microsoft states that Windows 2003 and IIS6 are also affected…

Posted in Uncategorized | Leave a comment

Turning on Remote Desktop – remotely

if you want to turn on Remote Desktop on a WinXP or 2003 machine over the the network, this little WMIC command will help wmic /NODE:Server /USER:administrator RDTOGGLE WHERE ServerName=”Server” CALL SetAllowTSConnections 1  

Posted in Uncategorized | Leave a comment

Advice on the ASP.NET Vulnerability

After some experimenting – i could also reproduce the same behaviour with Windows Authentication. So the bug is not in Forms Authentication, it is a canonicalization error in the UrlAuthorization Module of ASP.NET. The reason why Windows 2003 is not … Continue reading

Posted in Uncategorized | Leave a comment