Net web
application.
Here is an example of a web.config file using customErrors and a default
Redirect to mitigate error disclosure:
132 Hacking Exposed Web 2.0
ATTACKING WEB SERVICES
In addition to the web page capabilities of ASP.Net, the ASP.Net application platform has
a full-featured web service stack. Standard class methods may be turned into web service
methods by applying the WebMethod attribute to the class member. This indicates
to ASP.Net that the method is meant to be exposed in a web service. After adding the
WebMethod attribute, the developer needs to place an ASMX web service file on the web
service along with associated application code. The ASP.Net Internet Server API (ISAPI)
filter running within Internet Information Services (IIS) will then know to treat references
to the ASMX file as web service requests and process them accordingly.
Discovering Web Service Information by Viewing the WSDL File
Popularity: 8
Simplicity: 8
Impact: 3
Risk Rating: 4
Figure 5-1 Stack trace shown by ASP.
Pages:
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262