Extreme43
08-24-2005, 11:49 AM
hey..my friend just discovered someting very disturbing
while viewing a word document on an iis server he could save the file on the server
once saved he could actually browse around on the account delete, upload, rename
anything he really wanted
he tried it on mine and it worked also
not by ftp !
just straight IIS account i guess
EDIT:
in iis i disabled write
but doesnt that mean php, asp scripts cannot write or create files?
while viewing a word document on an iis server he could save the file on the server
once saved he could actually browse around on the account delete, upload, rename
anything he really wanted
he tried it on mine and it worked also
not by ftp !
just straight IIS account i guess
EDIT:
in iis i disabled write
but doesnt that mean php, asp scripts cannot write or create files?