We have noticed a little problem with IIS 2.0 and were wondering if the
problem also exists in IIS 3.0.
It seems that anyone can browse the any files in the cgi-bin directory on
the server. For example, browse this on your IIS web host:
The only catch is that you have to know the name of the file. Good ole
security by obscurity?
IIS 2.0 in conjunction with M$ Internet Exploder passes the end users domain
and username to the IIS for access. Get's logged in the log file as
Anyone else observed this slight problem?
Joseph L. (Joe) Moll -- Network and Communications Engineering
ACQUION, Inc. Greenville, SC USA -- Specialists in Electronic Commerce
PGP Fingerprint = 8D E7 F0 E8 8D 67 A8 19 02 CB 83 0F 19 41 D3 A9