Results 1 to 2 of 2

Thread: ASP Source Code Security Risk

  1. #1
    Join Date
    Feb 2003
    Sydney, Australia

    Question ASP Source Code Security Risk

    Is it possible to get the source code of the remote ASP scripts by appending ::$DATA at the end of the request (like GET /default.asp::$DATA) ?

    Going back a few years (IIS4) there was a security risk with your ASP source code - you could display the ASP code by typing in something like :ATA.

    Does anyone know whether or not this can still be done or is IIS pretty tight these days? My boss just did a network security check and one of the warnings advised him of the above - he doesn't think it's very likely but I thought I'd ask around anyway.


  2. #2
    Join Date
    Dec 2002
    Getting a source code of the asp file is not so easy. In IIS 4 there was a bug and this has been resolved now. Actually putting ::$DATA and other things are commands through which people were getting the data and these are not working now.
    Vishal Gupta

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center