Difference between revisions of "ASP.NET Misconfigurations"
|Line 27:||Line 27:|
Revision as of 10:05, 5 July 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Many parts of an ASP.NET application are dynamically compiled at runtime (.aspx and .asmx files, for example). You can configure the ASP.NET runtime to compile the application with symbolic information so that the application can be debugged. Symbols (.pdb files) tell the debugger how to find the original source files for a binary, and how to map breakpoints in code to lines in those source files. Debug binaries can reveal detailed debugging messages and inner working of the application. This kind of information can be used by attackers to launch attacks against the application. Debug binaries should not be used in production systems.
To identify this vulnerablity, look for the following pattern on the compilation section within the system.web group of the Web.config file at the application's root directory:
<configuration> <compilation debug="true"/> </configuration>