RE: getting an ASP file

[Alejandro Flores <alejandro.flores () ipad com br>]

        Hello,

        I don't remeber what version of IIS and service pack that had a 
security flaw related to this.
        What I remember is that if you put ::$DATA before the file.asp the 
server will let you download the source.
        I mean: http://some.server.com/main.asp::$DATA
        Will appear a box to save this file, like a download, but with the 
source code of the asp page.

Regards,
Alejandro


> ********
> I've one web where I can insert html code(ASP code don't works) at forum
> module developed in ASP.
> Are there any way to recover an asp source file or global.asa by this
> mode of codding;
> ********
>
> HTML code is executed client side.  Even if you can insert HTML code in 
> the Web server response, eventually your browser will be the one which 
> executes it, so it will be like a simple (direct) browser request, 
> therefore I think HTML code insertion is not useful for this purpose.
>
> I Think you'll have yo try harder on ASP code execution or another 
> server-side related technique.
>
> cheers :)