Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Web Servers --> Category: infos

Check for dangerous IIS default files Vulnerability Scan


Vulnerability Scan Summary
Check for existence of viewcode.asp

Detailed Explanation for this Vulnerability Test

The file viewcode.asp is a default IIS files which can give a
malicious user a lot of unnecessary information about your file
system or source files. Specifically, viewcode.asp can allow a
remote user to potentially read any file on a webserver hard drive.

Example,
http://target/pathto/viewcode.asp?source=../../../../../../autoexec.bat

Solution : If you do not need these files, then delete them, otherwise
use suitable access control lists to ensure that the files are not
world-readable.

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.