MS Personal Web Server

From: Lynn Kyle (lynnat_private)
Date: Sun Mar 22 1998 - 09:15:01 PST

Next message: Martin Schulze: "Re: bug in su (Slackware 3.4)"

Previous message: Miquel van Smoorenburg: "Re: An exploit for linux mh ver 6.8.4-5 ( update ) ..."
Next in thread: Rubens Kuhl Jr.: "Re: MS Personal Web Server"
Reply: Rubens Kuhl Jr.: "Re: MS Personal Web Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Has this been reported?

The MS Personal Web Server (tried on the win95, not NT) suffers
from the old IIS 3.0 unpatched bug of allowing you to download
asp files by using a trailing ".".

e.g.,

telnet victim 80
GET /default.asp. HTTP/1.0

will give you the contents of the asp not the result.
oops for any of you embedding a db login/pass in the asp.

Mike

Next message: Martin Schulze: "Re: bug in su (Slackware 3.4)"
Previous message: Miquel van Smoorenburg: "Re: An exploit for linux mh ver 6.8.4-5 ( update ) ..."
Next in thread: Rubens Kuhl Jr.: "Re: MS Personal Web Server"
Reply: Rubens Kuhl Jr.: "Re: MS Personal Web Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:42 PDT