What do you want people to learn? I didn't get what you intended to say.
I am almost as amazed by the number of people who leave in the default comments!
Directory browsing...
..and then click on web.config, and read the contents!
Interesting, people are still not disabling 'directory browsing' (although it is disabled by default in IIS 6).
Thanx!
I think in some of these cases this is the intended result. A couple of the results look like school projects that you would need to be able to download the entire project. I could be wrong though.
-James
It is even MORE boggling that they kinda have to do this on purpose?!?!?!?
As one of my favorite firemen says,
"Sweet Chocolate Christ!"
What a bunch of silly people. Not only do they leave directory browsing enabled, looking at some of the web.config files they have SQL servers sitting on the net with "userid=sa;password=" in them. Nice.
Yeah, a lot of them look like just school tests, or really simple projects. However, there are a lot with *revealing* information. In the Google URL change web.config to connect.inc and you can get all the PHP hosted passwords... :-)
Shouldn't ASP.NET be chucking up an error saying that it doesn't serve those file extensions? (like it does for .vb and .cs files)... or does enabling directory browsing override that?
It should, and by default it does. However, I think there are cases when using FP Extensions that it will reveal these files. FP Extensions aside, it's possible to config your web server to serve these pages regardless.
Since some of those servers showing a nice directory listing expose as "Apache/1.3.26 Server at XXXXXXXXXXXXX Port 80", I guess that we're not seeing ASP.NET actually, but some Mono test apps on some Apache servers...