WebApp Sec mailing list archives
RE: getting an ASP file
From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ge com>
Date: Tue, 22 Apr 2003 11:01:21 -0400
************* I don't remeber what version of IIS and service pack that had a security flaw related to this. What I remember is that if you put ::$DATA before the file.asp the server will let you download the source. I mean: http://some.server.com/main.asp::$DATA Will appear a box to save this file, like a download, but with the source code of the asp page. ************ oh, that's an old trick, it is very improbable to get the file this way, since patch for this flaw was issued on July 1998 cheers :)
Current thread:
- getting an ASP file falcifer (Apr 20)
- <Possible follow-ups>
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 21)
- RE: getting an ASP file Alejandro Flores (Apr 22)
- RE: getting an ASP file James A. Casavant (Apr 22)
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 22)