ASP Source Code Security Risk
Is it possible to get the source code of the remote ASP scripts by appending ::$DATA at the end of the request (like GET /default.asp::$DATA) ?
Going back a few years (IIS4) there was a security risk with your ASP source code - you could display the ASP code by typing in something like :ATA.
Does anyone know whether or not this can still be done or is IIS pretty tight these days? My boss just did a network security check and one of the warnings advised him of the above - he doesn't think it's very likely but I thought I'd ask around anyway.
Getting a source code of the asp file is not so easy. In IIS 4 there was a bug and this has been resolved now. Actually putting ::$DATA and other things are commands through which people were getting the data and these are not working now.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)