Full Disclosure mailing list archives
ASP script using OpenTextFile
From: Paul Tinsley <pdt () jackhammer org>
Date: Mon, 08 Mar 2004 20:03:49 -0600
Need some help from those out there versed in windows. I am auditing an ASP based (VBScript) application which uses OpenTextFile as follows:
Set f = fso.OpenTextFile(sLeadingPath + paramPageToRender + ".xsl", ForReading)
I have been able to ../../../../ all over the place, but it only allows me to pick up files ending with .xsl. I would like to print the contents of a non .xsl file to prove that not checking paths properly is a large issue. But I have had no luck making it ignore the .xsl I have tried ../../foo.txt%00 ../../foo.txt%0a ../../foo.txt%0d. But none of these seem to be working for me, does anyone know of a good way to end the file where I want and have it ignore the .xsl tacked on the end of the filename to be opened? Any help is greatly appreciated.
Thanks, Paul Tinsley _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ASP script using OpenTextFile Paul Tinsley (Mar 08)
- Re: ASP script using OpenTextFile Cael Abal (Mar 08)
- Re: ASP script using OpenTextFile Cael Abal (Mar 08)
- Re: ASP script using OpenTextFile Cael Abal (Mar 08)