It all started back on May 7, 1999. Weld Pond of L0pht Heavy Industries issued a security advisory with the title "Web users can view ASP source code and other sensitive files on the web server." After first reading the advisory on BugTraq, I put together a small script that would go through a list of web sites and, if they were IIS, check to see if showcode.asp was there. I fed it a list of URLs I had gleaned from Yahoo.com and then watched in amazement as site after site came up positive for that vulnerability. Granted, this vulnerability was still very fresh, but this is a sample file that is not even supposed to be on a production server. It was 9:00 a.m. Friday morning and I thought to myself that tens of thousands of companies were in for a surprise that day.