|
Family: CGI abuses --> Category: infos
ASP source using ::$DATA trick Vulnerability Scan
Vulnerability Scan Summary downloads the source of ASP scripts
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an information disclosure flaw.
Description :
It is possible to get the source code of a remote ASP script by
appending '::$DATA' to the end of the request. ASP source code
usually contains sensitive information such as logins and passwords.
See also :
http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx
Solution :
Apply the hotfixes referenced in the vendor advisory above.
Threat Level:
Low / CVSS Base Score : 1
(AV:R/AC:L/Au:R/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|