missLord
02-10-2003, 11:30 PM
Is it possible to get the source code of the remote ASP scripts by appending ::$DATA at the end of the request (like GET /default.asp::$DATA) ?
Going back a few years (IIS4) there was a security risk with your ASP source code - you could display the ASP code by typing in something like ::DATA.
Does anyone know whether or not this can still be done or is IIS pretty tight these days? My boss just did a network security check and one of the warnings advised him of the above - he doesn't think it's very likely but I thought I'd ask around anyway.
Cheers.
Going back a few years (IIS4) there was a security risk with your ASP source code - you could display the ASP code by typing in something like ::DATA.
Does anyone know whether or not this can still be done or is IIS pretty tight these days? My boss just did a network security check and one of the warnings advised him of the above - he doesn't think it's very likely but I thought I'd ask around anyway.
Cheers.