nanog mailing list archives
Aside: ability to view ASP/ColdFusion code
From: Manar Hussain <manar () ivision co uk>
Date: Thu, 02 Jul 1998 11:48:44 +0100
This isn't really a NANOG issue so I'll keep it brief - I'm mentioning it as it's something people here may well want to consider and pass on to customers with NT servers. Another MS security whole allows people to access the code for ASP/ASA/ColdFusion pages by adding ::$data to the URL. E.g. http://www.allaire.com/handlers/index.cfm::$DATA http://www.watford.co.uk/global.asa::$DATA http://www.datareturn.com/av-asp.asp::$DATA I understand that using SiteServer or making the file non-readable (but retaining execute permissions!) "solves" the problem. Regards, Manar
Current thread:
- Aside: ability to view ASP/ColdFusion code Manar Hussain (Jul 02)
- <Possible follow-ups>
- Re: Aside: ability to view ASP/ColdFusion code Andrew Staples (Jul 02)