WebApp Sec mailing list archives
RE: getting an ASP file
From: Alejandro Flores <alejandro.flores () ipad com br>
Date: Tue, 22 Apr 2003 08:51:37 -0300
Hello,I don't remeber what version of IIS and service pack that had a security flaw related to this. What I remember is that if you put ::$DATA before the file.asp the server will let you download the source.
I mean: http://some.server.com/main.asp::$DATAWill appear a box to save this file, like a download, but with the source code of the asp page.
Regards, Alejandro
******** I've one web where I can insert html code(ASP code don't works) at forum module developed in ASP. Are there any way to recover an asp source file or global.asa by this mode of codding; ********HTML code is executed client side. Even if you can insert HTML code in the Web server response, eventually your browser will be the one which executes it, so it will be like a simple (direct) browser request, therefore I think HTML code insertion is not useful for this purpose.I Think you'll have yo try harder on ASP code execution or another server-side related technique.cheers :)
Current thread:
- getting an ASP file falcifer (Apr 20)
- <Possible follow-ups>
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 21)
- RE: getting an ASP file Alejandro Flores (Apr 22)
- RE: getting an ASP file James A. Casavant (Apr 22)
- RE: getting an ASP file Calderon, Juan C (CORP, DDEMESIS) (Apr 22)