News Burst: Security flaw in NT IIS

A serious flaw in Internet Information Server - part of Windows NT - allows Internet users to view the source code for Microsoft .asp (Active Server Page) scripts, seriously undermining the security of sites using IIS.

ZDNet has investigated, with success, claims by that simply adding ::$DATA at the end of an .asp URL e.g. http://anyone/anywhere.asp::$DATA will be reveal the source of the ASP rather than the output.

Full story to follow.