but with scripting support. This little test app is based on a httpd server posted by Jademtech some time ago. I have extended it to be a scripting host. But do not expect full ASP compatibility. You cannot replace your IIS by it. And the project is in an experimental state of course.
The software is free, download it from here
The software is free, download it from here
Hey, not sure if you care about security... You can do http://localhost/../ etc etc. Not intended to be a flame/troll - its meant to be real constructive critisism :/
Ciao,
-moog
Ciao,
-moog
moogman,
thats why he said it could not replace IIS. IIS has much more issues than just such a simple security flaw :)
thats why he said it could not replace IIS. IIS has much more issues than just such a simple security flaw :)
moogman,
I have to admit that I dont care much about the httpd stuff. I'm interested primarily in the COM and scripting issues of this "project". But as far as I can tell there is a function SafeFilePath in source httpd.asm which does the check you have mentioned. So that request should be denied by the server.
I have to admit that I dont care much about the httpd stuff. I'm interested primarily in the COM and scripting issues of this "project". But as far as I can tell there is a function SafeFilePath in source httpd.asm which does the check you have mentioned. So that request should be denied by the server.