|Subject:||iis 6 directory browse|
|Date:||Fri, 13 Jul 2007|
We have a content server that writes files into the ntfs www root
directory. The content server has it's own permissions so users
cannot view them if they are not logged. However, if a person is not
logged in and were able to find out a filename, they can view it. Is
there a hack or vulnerability that would allow some to determine
directories and files available to view?