WebApp Sec: RE: getting an ASP file

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

RE: getting an ASP file

From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ge com>
Date: Tue, 22 Apr 2003 11:01:21 -0400

*************
         I don't remeber what version of IIS and service pack that had a 
security flaw related to this.
         What I remember is that if you put ::$DATA before the file.asp the 
server will let you download the source.
         I mean: http://some.server.com/main.asp::$DATA
         Will appear a box to save this file, like a download, but with the 
source code of the asp page.
************

oh, that's an old trick, it is very improbable to get the file this way, since patch for this flaw was issued on July 
1998

cheers :)

By Date By Thread

Current thread:

getting an ASP file falcifer (Apr 20)
- <Possible follow-ups>
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 21)
- RE: getting an ASP file Alejandro Flores (Apr 22)
  - RE: getting an ASP file James A. Casavant (Apr 22)
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 22)