WebApp Sec mailing list archives

RE: getting an ASP file

From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ge com>
Date: Tue, 22 Apr 2003 11:01:21 -0400

*************
         I don't remeber what version of IIS and service pack that had a 
security flaw related to this.
         What I remember is that if you put ::$DATA before the file.asp the 
server will let you download the source.
         I mean: http://some.server.com/main.asp::$DATA
         Will appear a box to save this file, like a download, but with the 
source code of the asp page.
************

oh, that's an old trick, it is very improbable to get the file this way, since patch for this flaw was issued on July 
1998

cheers :)

Current thread:

getting an ASP file falcifer (Apr 20)
- <Possible follow-ups>
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 21)
- RE: getting an ASP file Alejandro Flores (Apr 22)
  - RE: getting an ASP file James A. Casavant (Apr 22)
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 22)