directory transversal?

ive found a site which is vulnerable to dir transversal/LFI, and want to report it, but i cant get the exploit working and if it doesnt work theres no need to tell them. im using %2E%2E/ to transverse but the include page adds .xml onto the end and, being run on IIS on a windows server with ASPX, it wont accept ? or %00 at the end. is there any other way of "cutting off" the .xml at the end? :) thanks

yes there is i think, try appending & or ?lolors=, so that the extension becomes part of the querystring.

tried them, it doesnt work because you cant include a page in asp which has arguments to the file :(

and a CRLF?

no wait, check

http://www.exforsys.com/content/view/1617/354/ (at bottom of page) after a google search at "asp.net string termination" i found there that staments are terminated by carriage return or semicolon

i thought it was traversal?