Hey all,

I dont usally post under Microsoft but yah know when you have a question bout Microsoft
What better place to post it?

Anyway, I do security audits for companys however the stuff im in charge of all the *inx boxes,cisco switchs,routers, and firewalls. However, I have been asked to see what is up with this nt4 server running iis4,
the default page is up but it looks like the admin(s) took off all the sample scripts except for the following:

+ 200 OK: GET /test.ida
+ 200 OK: GET /test.idq
+ 200 OK: GET /msadc/Samples/selector/showcode.asp
+ 200 OK: GET /msadc/samples/adctest.asp
+ 200 OK: HEAD /msadc/msadcs.dll
+ 200 OK: HEAD /officescan/cgi/jdkRqNotify.exe
+ 200 OK: HEAD /_vti_inf.html
+ 200 OK: HEAD /_vti_bin/shtml.dll
+ 200 OK: HEAD /_vti_bin/shtml.exe

now the one in particular i have a question about (however any input on anyof them would be greatly accepted) is /msadc/samples/adctest.asp

This brings up a page that says:

Remote Data Service 1.5 Query Page

ADC Server: www.whatever.com
Connection: DSN=AdvWorks
Query: Select * from Products
Recordset Status: Complete
Execute Option: Asynchronous

I belive this is some sort of sample database query page and have googled it and read some interesting articles but still not sure exactly what it is . Im sure this poses a major risk but im not quite sure what that risk is.
Any help would be great
linuxcomando