This is the original article written by me about ASP security holes and prevention. I published it on Neworder a few months ago and noticed it got completely stolen (just cut and paste, but with my name replaced by his) by some guy called Faisal Arif.
My proof that I uncovered his fake didn't impress him: http://neworder.box.sk/newsread.php?newsid=6855 (Original Post) so I contacted PSC who removed him. Have fun reading the original :)
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.
That Faisal Arif guy is $#IT and shall be ashamed that all of his articles (ever posted here) were stolen
It's okay bro. I wouldn't worry about it. My last three employers have been to this site looking for stuff I've written. Usually, a key word search will turn it up. In this case a key word search for this guy will turn up plagiarism. The fact that he would even consider doing that in the first place is a clear indication that a: he doesn't care about his career, or b: he isn't using his real name. Either way, highly uncool. Keep up the great work bro.
4/17/2003 3:10:43 AM:
The Upload 'bug' was cool! But why guess the url or database-location if you can use a web-strip prog.
4/17/2003 8:10:30 AM:
Here is a link to a blowfish using asp, http://www.di-mgt.com.au/crypto.html#BlowfishASP
4/17/2003 8:11:54 AM:
Let's try that again: www.di-mgt.com.au/crypto.html#BlowfishASP
diek
hi guo, i've written an asp application that allows a very basic encryption of data transmitted via forms, which is here on PSC at the address .
since i particularly liked your article and your analysis methodology, i would love to have your opinion and some kind of risk assessment on the lines of code that i've posted.
cheers and keep up the good work,
aj.
ummm yeah i think i was the one that went all up myself trying to report that post along with the rest of his *COUGH* work but he deleted my comments and sent me a few nasty emails... anyhow i used to post stuff on IIS 4 and 5 on New0rder but i had to remove them :(
well at least i don't remove your comment mr. faisal :)
4/26/2004 11:45:03 PM:
Can anyone help please~ I don't really understand how the upload bug works. Can anyone post a sample script? Thanks~ this is urgent~!
4/26/2004 11:47:13 PM:
Please help me~! I don't really understand how the upload 'bug' works. Can anybody post a sample script? I would really appreciate it~! This is urgent. Thanks.
1/23/2006 8:34:15 PM:
Very informative :)