VULHUB ™

Server side processing of web pages can be bypassed under a specific set of conditions. If an .asp or similar file resides in a virtual directory whose name ends in a legal extension, the source code of the file may be sent to the client browser. IIS determines what action to take on a web document by parsing the URL for the filename extension. The first registered extension found in the string is used to make this decision. Therefore, if a request is made for the following file: /webroot/docs.htm/some.asp, and that file exists, IIS will parse the path and find the .htm extension in the virtual directory name docs.htm, determine that no preprocessing is required, and send the unprocessed source of the some.asp file.

Server side processing of web pages can be bypassed under a specific set of conditions. If an .asp or similar file resides in a virtual directory whose name ends in a legal extension, the source code of the file may be sent to the client browser. IIS determines what action to take on a web document by parsing the URL for the filename extension. The first registered extension found in the string is used to make this decision. Therefore, if a request is made for the following file: /webroot/docs.htm/some.asp, and that file exists, IIS will parse the path and find the .htm extension in the virtual directory name docs.htm, determine that no preprocessing is required, and send the unprocessed source of the some.asp file.