After attempting to apply the workaround, my ASP.NET resources (.aspx and .html as I have set up ASP.NET to protect .html pages with forms authentication) are protected so that all errors redirect to the same page.
However, if I try to access a resource type not handled by ASP.NET e.g. mysite/orange.jpg, where such a file does not exist, I get an inbuilt 404 error. mysite/page.aspx or mysite/file.html shows the custom error as intended. Am I still vulnerable?
s3034sd
0 Points
1 Post
Are resources not handled by ASP.NET affected?
Sep 20, 2010 12:44 PM|LINK
After attempting to apply the workaround, my ASP.NET resources (.aspx and .html as I have set up ASP.NET to protect .html pages with forms authentication) are protected so that all errors redirect to the same page.
However, if I try to access a resource type not handled by ASP.NET e.g. mysite/orange.jpg, where such a file does not exist, I get an inbuilt 404 error. mysite/page.aspx or mysite/file.html shows the custom error as intended. Am I still vulnerable?