info
discussion
exploit
solution
references
NT IIS ASP Alternate Data Streams Vulnerability
The following proof of concept was provided:
http://xyz/myasp.asp::$DATA
This will cause IIS to disclose the contents of the page, myasp.asp, to an attacker.
Privacy Statement
Copyright 2010, SecurityFocus
