News Burst: Security flaw in NT IIS

A serious flaw in Internet Information Server - part of Windows NT - allows Internet users to view the source code for Microsoft .asp (Active Server Page) scripts, seriously undermining the security of sites using IIS.

ZDNet has investigated, with success, claims by rootshell.com that simply adding ::$DATA at the end of an .asp URL e.g. http://anyone/anywhere.asp::$DATA will be reveal the source of the ASP rather than the output.

Full story to follow.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All