In association with heise online

22 December 2006, 15:21

Mono reveals source code of web applications

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A weak point in Mono, the .NET-compatible development and runtime environment, allows attackers to have a look at an application's source code. The information thus obtained may then be useful for further attacks. The only thing hackers need to do is add the string %20 to a URL:


A security advisory states that the flaw is in the class System.Web. In addition, the flaw makes it possible to access the configuration file Web.Config. Mono XSP 1.2.1 and previous versions are affected. A patch in the subversion repository remedies the problem.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit