ASP script using OpenTextFile

[Paul Tinsley <pdt () jackhammer org>]

Need some help from those out there versed in windows.  I am auditing an 
ASP based (VBScript) application which uses OpenTextFile as follows:

Set f = fso.OpenTextFile(sLeadingPath + paramPageToRender + ".xsl", 
ForReading)

I have been able to ../../../../ all over the place, but it only allows 
me to pick up files ending with .xsl.  I would like to print the 
contents of a non .xsl file to prove that not checking paths properly is 
a large issue.  But I have had no luck making it ignore the .xsl I have 
tried ../../foo.txt%00 ../../foo.txt%0a ../../foo.txt%0d.  But none of 
these seem to be working for me, does anyone know of a good way to end 
the file where I want and have it ignore the .xsl tacked on the end of 
the filename to be opened?  Any help is greatly appreciated.

Thanks,
  Paul Tinsley

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html