[thelist] IIS Security Tip

.redstar. redstar at clix.pt
Thu Aug 17 16:54:54 CDT 2000

<tip type="security">
Is your site served by IIS5 or IIS4 with FrontPage2000 extensions ?
Then your ASP code might be insecure.
To test your site you can do the following :
Make a request for an .asp page from your server and add an extra http
header 'Translate: f' also end the request with a backslash '\'.
So something like http://www.yoursite.com/index.asp\ with an extra http
header 'Translate: f'.
This is easily done in perlscript or even VBScript with the proper objects.
If your server is affected it will return the source code of the .asp page.
For IIS4 a hot fix can be applied and for IIS5 you'll need to install SP1.


More information about the thelist mailing list