Allaire JRun ACL bypassing/soure disclosure vulnerability

In-Reply-To: 009a01c1792a$d8a23160$0205a8c0@athlon hi, just an add on for the Jrun indexing vulnerability, the same 3f.jsp trick allows to view server scripts sources by using : GET /scripts.asp3f.jsp HTTP/1.0 and can be used to bypass IIS directories ACLs too while indexing the content and/or...