Hello,
I don't remeber what version of IIS and service pack that had a
security flaw related to this.
What I remember is that if you put ::$DATA before the file.asp the
server will let you download the source.
I mean: http://some.server.com/main.asp::$DATA
Will appear a box to save this file, like a download, but with the
source code of the asp page.
Regards,
Alejandro
>********
>I've one web where I can insert html code(ASP code don't works) at forum
>module developed in ASP.
>Are there any way to recover an asp source file or global.asa by this
>mode of codding;
>********
>
>HTML code is executed client side. Even if you can insert HTML code in
>the Web server response, eventually your browser will be the one which
>executes it, so it will be like a simple (direct) browser request,
>therefore I think HTML code insertion is not useful for this purpose.
>
>I Think you'll have yo try harder on ASP code execution or another
>server-side related technique.
>
>cheers :)
Received on Apr 22 2003
Intro
