|
Family: Web Servers --> Category: infos
Check for dangerous IIS default files Vulnerability Scan
Vulnerability Scan Summary Check for existence of viewcode.asp
Detailed Explanation for this Vulnerability Test
The file viewcode.asp is a default IIS files which can give a
malicious user a lot of unnecessary information about your file
system or source files. Specifically, viewcode.asp can allow a
remote user to potentially read any file on a webserver hard drive.
Example,
http://target/pathto/viewcode.asp?source=../../../../../../autoexec.bat
Solution : If you do not need these files, then delete them, otherwise
use suitable access control lists to ensure that the files are not
world-readable.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|