www.webdeveloper.com
+ Reply to Thread
Results 1 to 2 of 2
  1. 02-10-2003 11:30 PM #1
    missLord
    missLord is offline Registered User
    Join Date
    Feb 2003
    Location
    Sydney, Australia
    Posts
    8

    Question ASP Source Code Security Risk

    Is it possible to get the source code of the remote ASP scripts by appending ::$DATA at the end of the request (like GET /default.asp::$DATA) ?

    Going back a few years (IIS4) there was a security risk with your ASP source code - you could display the ASP code by typing in something like :ATA.

    Does anyone know whether or not this can still be done or is IIS pretty tight these days? My boss just did a network security check and one of the warnings advised him of the above - he doesn't think it's very likely but I thought I'd ask around anyway.

    Cheers.
    Reply With Quote Reply With Quote
  2. 02-11-2003 03:17 AM #2
    vishu_gupt
    vishu_gupt is offline MS Technology Specialist
    Join Date
    Dec 2002
    Posts
    54
    HI,
    Getting a source code of the asp file is not so easy. In IIS 4 there was a bug and this has been resolved now. Actually putting ::$DATA and other things are commands through which people were getting the data and these are not working now.
    Vishal Gupta
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 HTML5 Development Center



Recent Articles