
badWebMasters security advisory #013

IIS (patched) may execute any file in a ".asp"-directory (bad behavior)

Discovery date: 2003-05-17


ben moeckel (



When a directory is named like an ASP file (for example "test.asp"), the ASP engine will parse any file in it, no matter what extension the file has.

This may be dangerous when users are able to create directories and upload images into them: a malicious user could upload an ASP script with the extension of an image and run it on the server.


Create the directory "test.asp" in your webroot and place the following file in it:

-- exploit.gif ------------------------------------

Hello world, I'm an image!


Open http://localhost/test.asp/exploit.gif in your browser and you should read the message.

Live sample:


Microsoft was contacted on 06-16-03 via the web form about this bug.

References: "Verschickter IIS..." (German)


Path Parsing Errata in Apache



Comments, suggestions, updates, anything else?


Source: (text/html)



ben moeckel security research

copyright 2k1-3 by Benjamin Klimmek / Germany.
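
A defensive audit for the behavior described in this advisory, added here as an example and not part of the original advisory: it walks a web root and reports directories whose names end in a script-mapped extension, together with the non-script files found inside them. The function names and the `SCRIPT_EXTS` list are assumptions, and the sample tree in `demo()` is constructed.

```python
import os
import tempfile

# Assumption: extensions mapped to a script engine on the audited server.
SCRIPT_EXTS = (".asp",)


def is_script_like_dirname(name, script_exts=SCRIPT_EXTS):
    """True if a directory name ends in a script-mapped extension.

    Case-insensitive. Windows drops trailing dots and spaces from names,
    so they are stripped before comparing. Also usable as an upload-side
    check on user-supplied directory names.
    """
    return name.lower().rstrip(". ").endswith(script_exts)


def find_risky_dirs(webroot, script_exts=SCRIPT_EXTS):
    """Map each flagged directory (relative path) to its non-script files.

    Conservative choice made for this example: subdirectories below a
    script-like directory are flagged too, which the advisory does not state.
    """
    findings = {}
    for cur, _dirs, files in os.walk(webroot):
        rel = os.path.relpath(cur, webroot)
        parts = [] if rel == "." else rel.split(os.sep)
        if any(is_script_like_dirname(p, script_exts) for p in parts):
            findings[rel.replace(os.sep, "/")] = sorted(
                f for f in files if not f.lower().endswith(script_exts))
    return findings


def demo():
    """Build a constructed sample web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("test.asp/exploit.gif", "Gallery.ASP/photo.jpg",
                    "images/logo.gif", "default.asp"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return find_risky_dirs(root)


if __name__ == "__main__":
    for directory, files in demo().items():
        print(directory, files)
```

Any non-empty file list in the result means content that is not meant to be a script sits in a directory where the ASP engine would parse it.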

