More information on MS00-044

[rain forest puppy <rfp () WIRETRIP NET>]

I just wanted to drop a note to see if anyone else has any more
information on the '+.htr' vulnerability.  So many people have been trying
it against me, I decided to look into it. :)

> From what I can tell, it's a pretty effective bug, returning the source of
the page.  HOWEVER, it seems that it will stop at the first '<%' it
encounters.  For those of you that program in ASP, you'll know that <% %>
are the server-side script delimiters.  So this effectively keeps you from
seeing source...or does it...?

I've noticed that if you use the <script runat=server></script>
delimiters, which function in the same manner as <% %>, you will get the
source.  Well, up to any other '<%' existing in the same page.

Does anyone have any contrary results?

- rain forest puppy

ps. whisker v1.4 was released on my site.  http://www.wiretrip.net/rfp/