Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > webappsec > 03 > 040691.html (Request Expert securityfocus.com Support)

RE: getting an ASP file

From: Calderon, Juan C (CORP, DDEMESIS) <Juan.Calderon(at)ddemesis.ge.com>
Date: Tue Apr 22 2003 - 11:01:21 EDT

         I don't remeber what version of IIS and service pack that had a security flaw related to this.

         What I remember is that if you put ::$DATA before the file.asp the server will let you download the source. 

         I mean: 
http://some.server.com/main.asp::$DATA
         Will appear a box to save this file, like a download, but with the
source code of the asp page.

oh, that's an old trick, it is very improbable to get the file this way, since patch for this flaw was issued on July 1998

cheers :) Received on Tue Apr 22 11:21:25 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:50 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library