WebApp Sec mailing list archives
RE: getting an ASP file
From: "James A. Casavant" <jcasavant2002 () yahoo com>
Date: Tue, 22 Apr 2003 07:39:18 -0700 (PDT)
It was IIS 4.0, it was an early service pack because I remember that they fixed it(although I don't remember which one). This also only worked if you allowed read permissions on the directory that the .asp was in. --- Alejandro Flores <alejandro.flores () ipad com br> wrote:
Hello, I don't remeber what version of IIS and service pack that had a security flaw related to this. What I remember is that if you put ::$DATA before the file.asp the server will let you download the source. I mean: http://some.server.com/main.asp::$DATA Will appear a box to save this file, like a download, but with the source code of the asp page. Regards, Alejandro******** I've one web where I can insert html code(ASP codedon't works) at forummodule developed in ASP. Are there any way to recover an asp source file orglobal.asa by thismode of codding; ******** HTML code is executed client side. Even if you caninsert HTML code inthe Web server response, eventually your browserwill be the one whichexecutes it, so it will be like a simple (direct)browser request,therefore I think HTML code insertion is not usefulfor this purpose.I Think you'll have yo try harder on ASP codeexecution or anotherserver-side related technique. cheers :)
__________________________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo http://search.yahoo.com
Current thread:
- getting an ASP file falcifer (Apr 20)
- <Possible follow-ups>
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 21)
- RE: getting an ASP file Alejandro Flores (Apr 22)
- RE: getting an ASP file James A. Casavant (Apr 22)
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 22)