I seriously doubt that's the case. A "hidden" form field isn't hidden
at all; a simple view source will show it. (However, checking for those
particular vulnerabilities should be part of IIS security 101)
--
Billy Cravens
HR Web Development, Sabre
[EMAIL PROTECTED]
Gothica Creative wrote:
>
> you said they put in hidden form fields...
>
> is your system open to
>
> ::$data
>
> or
>
> +.htr
>
> cracks?
> (put these after the url string to see & then view source)
>
> both of those open up your source code & are easily fixed...
>
> the first one you can fix with a service pack upgrade & the
> second just delete that mime type from the server
> (both of these are nt)
>
> --
> Gothica Creative, Inc.
> 1801 Laws Street
> Dallas, TX 75202
> 214.720.0884 ph
> 214.303.0698 fax
>
> -------------------------------------------------------------------------
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
>
> -----------------------------------------------
> To post, send email to [EMAIL PROTECTED]
> To subscribe / unsubscribe: http://www.dfwcfug.org
-------------------------------------------------------------------------
This email server is running an evaluation copy of the MailShield anti-
spam software. Please contact your email administrator if you have any
questions about this message. MailShield product info: www.mailshield.com
-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org
