I have a small web server running W2K / IIS 5 and a client of mine is moving his web site from another hosting company to my server. This client wants to use FrontPage extensions, which I do have installed and have configured for his virtual domain.
Problem is, he has some order forms that he created that no longer work now that his site is on our server. Looking at one of his order forms, I find this tag:
<form method="POST" action="_vti_bin/shtml.exe/order_form2.htm" enctype="x-www-form-encoded" webbot-action="--WEBBOT-SELF--">
His order form fails to function on my server. There is no "_vti_bin" folder to start with, not to mention the SHTML.EXE file does not exist either.
I don't like the idea of a client executing an EXE file on my server in the first place. It would appear from the _vti_bin path that this may be a Microsoft EXE that he is trying to use. What is SHTML.EXE, and where does it come from, and can it be trusted?