Has this been reported? The MS Personal Web Server (tried on the win95, not NT) suffers from the old IIS 3.0 unpatched bug of allowing you to download asp files by using a trailing ".". e.g., telnet victim 80 GET /default.asp. HTTP/1.0 will give you the contents of the asp not the result. oops for any of you embedding a db login/pass in the asp. Mike
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:42 PDT