[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: RE: getting an ASP file
From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ! ge ! com>
Date: 2003-04-22 15:01:21
[Download RAW message or body]
*************
I don't remeber what version of IIS and service pack that had a
security flaw related to this.
What I remember is that if you put ::$DATA before the file.asp the
server will let you download the source.
I mean: http://some.server.com/main.asp::$DATA
Will appear a box to save this file, like a download, but with the
source code of the asp page.
************
oh, that's an old trick, it is very improbable to get the file this way, since patch \
for this flaw was issued on July 1998
cheers :)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic