RE: getting an ASP file

["James A. Casavant" <jcasavant2002 () yahoo com>]

It was IIS 4.0, it was an early service pack because I
remember that they fixed it(although I don't remember
which one).  This also only worked if you allowed read
permissions on the directory that the .asp was in.  
--- Alejandro Flores <alejandro.flores () ipad com br>
wrote:
>          Hello,
>
>          I don't remeber what version of IIS and
> service pack that had a 
> security flaw related to this.
>          What I remember is that if you put ::$DATA
> before the file.asp the 
> server will let you download the source.
>          I mean:
> http://some.server.com/main.asp::$DATA
>          Will appear a box to save this file, like a
> download, but with the 
> source code of the asp page.
>
> Regards,
> Alejandro
>
>
> > ********
> > I've one web where I can insert html code(ASP code
> don't works) at forum
> > module developed in ASP.
> > Are there any way to recover an asp source file or
> global.asa by this
> > mode of codding;
> > ********
> >
> > HTML code is executed client side.  Even if you can
> insert HTML code in 
> > the Web server response, eventually your browser
> will be the one which 
> > executes it, so it will be like a simple (direct)
> browser request, 
> > therefore I think HTML code insertion is not useful
> for this purpose.
> > I Think you'll have yo try harder on ASP code
> execution or another 
> > server-side related technique.
> >
> > cheers :)


__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com