I'm using Foxweb 3.3 on a Windows 2003 Server (IIS 6.0). Currently, if you specify a URL to a valid prg in the Foxweb directory like so:
It works just fine. However, if you specify the same path but with a .bak ending like so:
you get the same results even though no such .bak file exists anywhere on that machine.
As a matter of fact, you can do navigate here:
And you still get results. How can we prohibit this type of behavior? .bak files show up as vulnerabilities in Security Scans on web applications and its preventing a successful test run .