1

I have a legacy ISAPI dll, that generally fulfills requests just fine, but occasionally I will get prompted to save the dll from my browser. This is a known issue, with some good workarounds. IIS 8.5 serving dll for download instead of executing Hitting download will give you a zero byte file.

I am actually interested in doing the opposite of the workaround. How can I force this (incorrect) behavior, ie, is it possible to trick the server to download the full ISAPI dll? If so, what settings should I change. I am running IIS 7.5.

[EDIT] For clarity, I am not trying to hack anything client side. I doubt that's possible, but if it is I would really like to know. I am trying to figure out if it is possible to get the server to give up the dll with just a plain old post/get request. This is how I got it to give me the dll the first time, luckily it was zero bytes.

Thank you

sse
  • 987
  • 1
  • 11
  • 30
  • This is not an appropriate question. Why would you want to download the dll? This would open a major security hole. –  Jan 08 '19 at 02:19
  • @Strom, I realize it is a security issue, and I am looking for the security hole so I can avoid it. I am not asking how to hack the web site. I am wondering how we might misconfigure our server, aside from the obvious directory browsing, that might lead our server to serve the dll (with all its bytes). I was surprised when I saw the file being downloaded at all. I wasn't trying to hack the server or break anything, I just made a request and the server gave me the dll, instead of processing the request. Again, fortunately it was zero bytes. – sse Jan 10 '19 at 00:39

0 Answers0