I tryed the following and the server stopped resoponding on ieak.microsoft.com: http://ieak.microsoft.com/ASPSamp/Samples/code.asp?source=/ASPSamp///////Samples/hello.asp * replace //////// with a few hundred forward slashes Looks like any IIS server with ASPSamp directory installed is vulnerable.. (or ASPs that take file paths as input) And something else... I notice handler mapped file extensions reveal system file paths for web directories.. ie: try (.idq, .idc, .stm, .pl, .cgi) depending on what is mapped. example : http://www.microsoft.com/badidea.stm Returns "Error processing SSI file 'd:\http\badidea.stm'" ____________________________________________________________________ Dave Edis http://www.edis.org/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:39:33 PDT