Ok I have a scanner utility that is enumerating backup copies of files that are present: i.e. http://www.blah.com/index.html If there's an index.old or index.html.old the script will find these with subsequent GET requests for the "backup" files. Where I'm running into a problem is with IIS 5.0 (Apache doesn't do this). i.e. http://www.blah.com/scripts/login.asp When I make a POST request to /scripts/login.old, etc I get a 405 method not allowed. The error in the returned header states only methods OPTIONS and TRACE are allowed which I'm assuming are the default methods allowed for a file extension that hasn't previously been setup in the IIS directory configuration. GET requests of course return 403 access denied errors. TRACE returns 200 OK for any request and OPTIONS of course returns the allowed HTTP methods. Has anyone else overcome this error or have a reliable method of determining "backup" copies of files are present in executable directories? Thanks in advance. -- -- fr0stman -- ---------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Mon Mar 17 2003 - 08:33:24 PST