Logo

Maarten Balliauw {blog}

ASP.NET, ASP.NET MVC, Azure, PHP, OpenXML, VSTS, ...

About the author

Maarten Balliauw is currently employed as .NET Technical Consultant at RealDolmen. His interests are mainly web applications developed in ASP.NET (C#) or PHP and the Windows Azure cloud platform.
More about me More about me
Send mail E-mail me


ASP.NET MVC Quickly Subscribe to my RSS feed Follow me on Twitter! View Maarten Balliauw's profile on LinkedIn
View Maarten Balliauw's MVP profile

Search

Pages

Latest Twitter

    Follow me on Twitter...

    My projects

    Related blogs

    Recent posts

    Categories


    Archive

    Disclaimer

    The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

    © Copyright Maarten Balliauw 2010

    To all BlogEngine.NET users... Go patch!

    Posted by maartenba on Monday, April 14, 2008 9:57 AM

    image This morning, I read about a serious security issue in BlogEngine.NET. The security issue is in the JavaScript HTTP handler, which lets all files pass trough... In short: if you open http://your.blog.com/js.axd?path=app_data\users,xml, anyone can see your usernames/passwords! None of the other HttpHandlers are affected by this security hole.

    My recommendation: if you are using BlogEngine.NET: go patch!

    (and yes, I patched it Cool  http://blog.maartenballiauw.be/js.axd?path=app_data\users.xml)

    kick it on DotNetKicks.com


    Categories: General | Software | Security
    E-mail | Kick it! | DZone it! | del.icio.us
    Permalink | Comments (0) | Post RSSRSS comment feed

    Add comment




      Country flag

    biuquote
    • Comment
    • Preview
    Loading