Yes, there is an older error, the ::$DATA error. Try viewing an ASP page with the following querystring:<BR><BR>http://www.yourserver.com/somepage.asp::$DATA<BR><BR>(where yourserver.com is the domain name of your stie and somepage.asp is a valid ASP page name)<BR><BR>This is quite an older error, known back in late 1998. You can read an article explaining what it does and how to fix it at:<BR>http://www.4guysfromrolla.com/webtech/092298-1.shtml<BR><BR>Happy Programming!
You can also look at code with a new security hole:<BR><BR>http://www.yoursite.com/null.htw?CiWebHitsFile=/path/file.asp%20&CiRestriction=none&CiHiliteType=Full#C iTag3<BR><BR>Microsoft has a fix out already.
Could you please explain what parts of the url would be need to be replaced so that I can check my site for this bug.<BR><BR><BR>Another bug which I had heard of is that you could see the asp code simply by adding an extra dot to the end of the url, eg:<BR><BR>"http://www.yoursite.com/your.asp."<BR><BR>I don't know the cause of this bug or how to fix.<BR><BR>BTW, If anyone knows any more bugs please either post them here or e-mail me. I would particularly like to know of any that would make scripts visible via browsers. If I receive any responses I would like to create a comprehensive listing of all such bug and there fixes, which I would post on my own web site when I get around to creating it.
The standard IIS install with sample and all has<BR>a view asp ' page or something like that<BR><BR>If the server guy was lazy , that file could well<BR>be on a production box.<BR><BR>How does it work?<BR>I dunno. But something on the lines of point <BR>a url to the 'view asp' file <BR>with a querystring describing another file<BR>on the same box<BR><BR>To be safe...kill the sample sites