Vulnerability Development mailing list archives
Re: The good , the bad, the IIS. (%3F Weirdness)
From: "Robert Freeman" <freem100 () chapman edu>
Date: Sun, 6 Jan 2002 01:21:12 -0800
It was fixed in SP3 (Bugtraq 2313). ----- Original Message ----- From: <jesperht () hotmail com> To: <vuln-dev () securityfocus com> Sent: Saturday, January 05, 2002 9:14 AM Subject: The good , the bad, the IIS. (%3F Weirdness)
*I have no clue if this is a new bug or not due to my lack of hotfixes, but here it goes!* Hello fellow vuln-dev'ers, Here is a srange bug ive found on my test server: Microsoft Windows 2000 [Version 5.00.2195] (service pack 2) Making the following request: http://bender/global.asa%3f.htr Adding a %3f.htr at the end seems to yield its source code. Because this is a default install, all that it contains is the following: <OBJECT RUNAT=Server SCOPE=Session ID=MyInfo PROGID="MSWC.MyInfo"> </OBJECT> Ive tried appending %3f.htr to iisstart.asp (another default file), but that does not reveal a thing. Renaming iisstart.asp to iisstart.asa and trying to view its source does not work then either. I cant find any logic behind this. Please give this a shot, play with this, and send in your results/thoughts! Best Regards, -Scarabus
Current thread:
- The good , the bad, the IIS. (%3F Weirdness) jesperht (Jan 05)
- Re: The good , the bad, the IIS. (%3F Weirdness) Robert Freeman (Jan 06)
- SV: The good , the bad, the IIS. (%3F Weirdness) Stefan Sundkvist (Jan 06)