What version of MS PWS does this apply to? NT Option Pack includes IIS 4.0 for NT Server, PWS 4.0 for NT Workstation and PWS 4.0 for Windows 95, and I would think (although I haven't tested to be sure) that this doesn't affect PWS 4.0/Win95.

Rubens Kuhl Jr.

> -----Original Message-----
> From: Lynn Kyle [SMTP:lynnat_private]
> Sent: Sunday, March 22, 1998 2:15 PM
> To: BUGTRAQat_private
> Subject: MS Personal Web Server
>
> Has this been reported?
>
> The MS Personal Web Server (tried on the win95, not NT) suffers
> from the old IIS 3.0 unpatched bug of allowing you to download
> asp files by using a trailing ".".
>
> e.g.,
>
> telnet victim 80
> GET /default.asp. HTTP/1.0
>
> will give you the contents of the asp not the result.
> oops for any of you embedding a db login/pass in the asp.
>
> Mike
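
An added example, not part of the original posts: a log check for the request pattern described in the quoted message, a server-side script name followed by a trailing dot. The `.asp` extension list, the Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions treated as server-side script (assumption; extend for your site).
SCRIPT_EXTS = (".asp",)

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')


def is_trailing_dot_script_request(target: str) -> bool:
    """True if the path names a script file followed by one or more dots."""
    # Drop the query string, decode %2e, and ignore case before comparing.
    path = unquote(urlsplit(target).path).lower()
    stripped = path.rstrip(".")
    return stripped != path and stripped.endswith(SCRIPT_EXTS)


def flag_log_lines(lines):
    """Return (line_number, target) for every request matching the pattern."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_trailing_dot_script_request(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/1998:14:15:02 -0800] "GET /default.asp HTTP/1.0" 200 2140',
    '192.0.2.11 - - [22/Mar/1998:14:15:09 -0800] "GET /default.asp. HTTP/1.0" 200 5312',
    '192.0.2.11 - - [22/Mar/1998:14:15:20 -0800] "GET /admin/login.ASP%2E?x=1 HTTP/1.0" 200 880',
    '192.0.2.12 - - [22/Mar/1998:14:16:00 -0800] "GET /docs/readme. HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for number, target in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: possible script source request: {target}")
```

A 200 response on a flagged line is worth comparing against the normal response size for the same script, since returned source usually differs in length from rendered output.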
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:47 PDT