Context.ReWritePath Critical Bug

Hi, I think I have found a critical bug in the ASP.NET RewritePath function.
Here are the steps to reproduce:

I have a solution with these items:

"MasterPageWithoutUserControl.aspx"
"MasterPageWithUserControl.aspx"
"OrdinaryPage.aspx"
"OrdinaryWebControl.ascx"

In Global.asax I call RewritePath like this:

Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
    Context.RewritePath("MasterPageWithoutUserControl.aspx ")
End Sub

Look carefully at the end of the string: there is a space (".aspx ").

This space causes aspnet_wp not to render the page, so when I send a request
to OrdinaryPage.aspx I see the ACTUAL SOURCE of the
MasterPageWithoutUserControl.aspx file in my browser.

Things become more interesting if that MasterPage has a User Control or
Custom Control declaration at the top of the page like this:
<%@ Register TagPrefix="uc1" TagName="OrdinaryWebControl"
Src="OrdinaryWebControl.ascx" %>

When I change global.asax to:
Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
    Context.RewritePath("MasterPageWithUserControl.aspx ")
End Sub

and request OrdinaryPage.aspx, I directly see a Download File Dialog which
lets me DOWNLOAD THE ASPX SOURCE FILE...

I use framework 1.1. I tested this on both WinXP Pro and Win2003.

Has anyone experienced it before ???

-Oytun
Nov 18 '05 #1
I'm not sure if that's a critical bug in Context.RewritePath or simply a
critical bug in how you are using it. It would be nice if
Context.RewritePath checked for valid extensions, I guess... but the bug can't
be easily exploited unless you are letting users input where to rewrite the
path to.

As for the download / not download thing, Firefox tries to download both
cases... I think it's more of a browser setting thing.

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/

Nov 18 '05 #2
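
The extension check the reply wishes RewritePath performed can be done by the caller before rewriting. The following is an added example, not code from either poster or from the framework: `RewriteGuard`, `IsSafeTarget` and `SiteApplication` are hypothetical names, and the allowed-extension list is an assumption about the site.

```vbnet
Imports System
Imports System.IO
Imports System.Web

' Hypothetical helper, not a framework API.
Public NotInheritable Class RewriteGuard
    ' Assumption: .aspx is the only extension this site rewrites to.
    Private Shared ReadOnly Allowed() As String = {".aspx"}

    Private Sub New()
    End Sub

    Public Shared Function IsSafeTarget(ByVal target As String) As Boolean
        If target Is Nothing OrElse target.Length = 0 Then Return False

        ' Validate only the path part; a query string may follow it.
        Dim filePart As String = target
        Dim q As Integer = target.IndexOf("?"c)
        If q >= 0 Then filePart = target.Substring(0, q)

        ' A leading/trailing space or a trailing dot means the extension no
        ' longer matches exactly. Reject rather than trim, so a malformed
        ' target is noticed instead of silently repaired.
        If filePart <> filePart.Trim() OrElse filePart.EndsWith(".") Then Return False

        Dim ext As String
        Try
            ext = System.IO.Path.GetExtension(filePart)
        Catch ex As ArgumentException
            Return False ' illegal path characters
        End Try

        For Each okExt As String In Allowed
            If String.Compare(ext, okExt, True) = 0 Then Return True
        Next
        Return False
    End Function
End Class

Public Class SiteApplication
    Inherits HttpApplication

    Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Target from the thread, trailing space included: it is rejected here,
        ' so the request fails closed instead of being rewritten.
        Dim target As String = "MasterPageWithoutUserControl.aspx "
        If Not RewriteGuard.IsSafeTarget(target) Then
            Throw New HttpException(500, "Rejected rewrite target")
        End If
        Context.RewritePath(target)
    End Sub
End Class
```

The same check applies with more force when any part of the target is derived from request data, which is the case the reply singles out.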
