Well, I have no more clue about hotfixes, but there seem to be other problems with %3F and jsp. And I am sorry if this is old.

I just tried this on my IIS5 SP2 with most hotfixes and Resin 2.0.1 installed:

http://server/default.asp%3F.jsp

And it just dropped me the ASP source. Got a similar result with Allaire JRun. I think I have seen a post here somewhere about %3F.jsp getting you a file list if you try something like http://server/%3F.jsp too.

A fix for it seems to be to set the rights on the site to Script only.

Regards,
Stefan Sundkvist

-----Original Message-----
From: jesperhtat_private [mailto:jesperhtat_private]
Sent: 5 January 2002 18:15
To: vuln-devat_private
Subject: The good , the bad, the IIS. (%3F Weirdness)

*I have no clue if this is a new bug or not due to my lack of hotfixes, but here it goes!*

Hello fellow vuln-dev'ers,

Here is a strange bug I've found on my test server:

Microsoft Windows 2000 [Version 5.00.2195] (service pack 2)

Making the following request:

http://bender/global.asa%3f.htr

Adding a %3f.htr at the end seems to yield its source code. Because this is a default install, all that it contains is the following:

<OBJECT RUNAT=Server SCOPE=Session ID=MyInfo PROGID="MSWC.MyInfo">
</OBJECT>

I've tried appending %3f.htr to iisstart.asp (another default file), but that does not reveal a thing. Renaming iisstart.asp to iisstart.asa and trying to view its source does not work then either.

I can't find any logic behind this. Please give this a shot, play with this, and send in your results/thoughts!

Best Regards,
-Scarabus
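
A log check for the request shape discussed in this thread (a path ending in an encoded question mark, %3F, followed by an extension), added here as an example and not part of either message. The log lines are constructed in Common Log Format and the function names are illustrative; it assumes the server logs the request target undecoded.

```python
import re

# Path that ends in an encoded "?" (%3F) followed by ".<ext>", e.g. /global.asa%3f.htr
SUFFIX = re.compile(r"^(?P<real>[^?]*?)%3f\.(?P<ext>[a-z0-9]+)$", re.IGNORECASE)
# Request line and status code of a Common Log Format entry
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(target):
    """Return (path_before_%3F, appended_ext) for the pattern, else None."""
    path = target.split("?", 1)[0]  # a literal "?" starts the genuine query string
    m = SUFFIX.match(path)
    return (m.group("real"), m.group("ext").lower()) if m else None

def scan(lines):
    """Collect matching requests; 'served' marks those answered with 200."""
    hits = []
    for line in lines:
        req = REQUEST.search(line)
        found = classify(req.group("target")) if req else None
        if found:
            status = int(req.group("status"))
            hits.append({"target": req.group("target"), "real": found[0],
                         "ext": found[1], "status": status, "served": status == 200})
    return hits

# Constructed sample log lines (addresses from the documentation range 192.0.2.0/24)
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2002:18:20:01 +0100] "GET /default.asp HTTP/1.0" 200 1043',
    '192.0.2.10 - - [05/Jan/2002:18:20:09 +0100] "GET /default.asp%3F.jsp HTTP/1.0" 200 2210',
    '192.0.2.11 - - [05/Jan/2002:18:21:30 +0100] "GET /global.asa%3f.htr HTTP/1.0" 200 87',
    '192.0.2.11 - - [05/Jan/2002:18:21:44 +0100] "GET /iisstart.asp%3f.htr HTTP/1.0" 404 0',
    '192.0.2.12 - - [05/Jan/2002:18:25:02 +0100] "GET /search.asp?q=%3f.jsp HTTP/1.0" 200 512',
    '192.0.2.12 - - [05/Jan/2002:18:25:10 +0100] "GET /%3F.jsp HTTP/1.0" 200 3301',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        flag = "SERVED" if hit["served"] else "refused"
        print(f'{flag:7} {hit["status"]} {hit["target"]} (real={hit["real"]}, ext={hit["ext"]})')
```

Entries marked SERVED are the ones to review first, since a 200 response to this request shape is what both posters describe as returning source or a file list.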
This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 09:39:36 PST