|
Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability
Microsoft IIS will return the source code of various server side script files (such as ASP files) if the filename in the URL request contains a "%2e", the hex value for ".". For example, the following URL will display the source of the ASP file: http://target/file%2easp Source code disclosure could possibly yield sensitive information such as usernames and passwords. |
|
|
Privacy Statement |
