File Extensions and Directory Writes
in [Visual Basic]
|
From: Tom Shelton on 15 Mar 2010 00:30 On 2010-03-15, Webbiz <nospam(a)noway.com> wrote: > On Sun, 14 Mar 2010 00:44:14 -0500, "Nobody" <nobody(a)nobody.com> > wrote: > >>"Nobody" <nobody(a)nobody.com> wrote in message >>news:uC92CAzwKHA.1548(a)TK2MSFTNGP02.phx.gbl... >>> You need to make the URL for the file as follows: >>> >>> mysite.com/getfile.asp?SUBID=123456789 >>> >>> In the ASP file, which uses VBScript, you check the subscriber ID and use >>> If/Then/Else. You can make the ID a very long random number, so guessing >>> it would be difficult. >> >>Below is an ASP script sample. To try it, save it as "test.asp" and upload >>it to a Windows based host, then enter the URL like the following: >> >>mysite.com/getfile.asp?SubID=1234 >> >>Some of the code came from this site: >> >>http://www.learnasp.com/freebook/asp/ >> >>The code below does simple checks. If you want it to check a database, see >>"Databases" section in the link above for code samples. If you have a >>Unix/Linux host, then you have to use something else, like PHP. Fortunately, >>PHP runs on Windows, so you can test the script on a Windows machine, then >>upload it to Unix/Linux host without modifications(Except CR/LF conversion >>which is handled by most FTP software). See this site for PHP help: >> >>http://www.php.net >> >>Here is the ASP file: >> >><html> >><head> >><TITLE>Test</TITLE> >></head> >><body> >><% >>Option Explicit >> >>Dim SubID, fs, filename, f, s >> >>SubID=request.querystring("SubID") >> >>If SubID = "1234" Or SubID "1235" Then >> ' Subscriber is black listed >> Response.write "Access denied." >>Else >> ' Valid subscriber, send the file >> >> filename=server.mappath("/datafile.txt") >> Set fs = CreateObject("Scripting.FileSystemObject") >> Set f = fs.OpenTextFile(filename, 1, False) >> s=f.readall >> response.write s >> f.Close >> set f=nothing >> set fs=nothing >>End If >>%> >></body> >></html> >> >> >> > > > I use an Apache server. > > Thanks anyway. :) > > Webbiz So... That above would be a fairly easy perl, python, or even shell script. It's the idea that matters, right? -- Tom Shelton
From: mayayana on 15 Mar 2010 01:41 > I use an Apache server. > Tom's right. It may not be worth it..it may not be realistically doable...but it's probably worth checking out. Most hosts provide PHP support. I don't have much experience with it myself, but I've found that there's a lot available online in terms of free scripts. You may be able to just use a simple script that parses the URL and then adds an include with the download link.
From: Dee Earley on 15 Mar 2010 05:09 On 12/03/2010 19:40, Webbiz wrote: > On Fri, 12 Mar 2010 10:35:34 +0000, Dee Earley > <dee.earley(a)icode.co.uk> wrote: > >> On 11/03/2010 23:36, Webbiz wrote: >>> On Thu, 11 Mar 2010 11:20:42 +0000, Dee Earley >>> <dee.earley(a)icode.co.uk> wrote: >>> >>>> I know you've had the answers already but.. >>>> >>>> On 10/03/2010 21:01, Webbiz wrote: >>>> <SNIP> >>>>> The directory defaults to c:\Program Files\MyApp >>>> >>>> No it doesn't... >>>> (Unless you have an app really called "My App" which is just silly) >>>> >>>> Either give the full unmodified name, or don't give specifics at all. >>>> Both are better then effectively lying. >>> >>> Effectively lying? You're kidding, right? >>> >>> Would it really make a difference if I told you the name is really >>> GoobleryGook.exe? :-) >> >> It least it is slightly less obvious that you are giving us false >> information... > > The name of the application is not important in order to ask or answer > questions. All details pertinent are provided. The names have been > changed to protect the innocent.<g> Then 'My app uses a sub folder under "Program Files"' would have given us exactly the same information. >> For future reference, for us to help, we really need accurate information. >> Munged or obfuscated information and code just means it is harder for us >> to get to the bottom of something, to the point of us not being bothered >> to help. > > See above.<g> Yes, but details matter. I have dealt with many people that obfuscate their code so I can't tell the name of their product and in doing so, completely remove the real cause for the problem or change how the code operates. http://hashvb.earlsoft.co.uk/User:Dee/I_changed_the_code I'm trying to make the point that it is normally a bad idea to do this, and while I do agree that some people may be special enough to not change anything relevant, it's still annoying. >> Is it really such a secret application that you can't even mention it's >> name when trying to get someone to help you with said application? > > Everyone has a right to privacy. While the world would not end if the > names of the applications were posted on the newsgroup, I'd prefer > that they are not. Then don't be specific, As above, a "My app install under Program Files" is a perfectly good description. -- Dee Earley (dee.earley(a)icode.co.uk) i-Catcher Development Team iCode Systems
From: Webbiz on 15 Mar 2010 13:47 On Sun, 14 Mar 2010 21:30:31 -0700, Tom Shelton <tom_shelton(a)comcastXXXXXXX.net> wrote: >On 2010-03-15, Webbiz <nospam(a)noway.com> wrote: >> On Sun, 14 Mar 2010 00:44:14 -0500, "Nobody" <nobody(a)nobody.com> >> wrote: >> >>>"Nobody" <nobody(a)nobody.com> wrote in message >>>news:uC92CAzwKHA.1548(a)TK2MSFTNGP02.phx.gbl... >>>> You need to make the URL for the file as follows: >>>> >>>> mysite.com/getfile.asp?SUBID=123456789 >>>> >>>> In the ASP file, which uses VBScript, you check the subscriber ID and use >>>> If/Then/Else. You can make the ID a very long random number, so guessing >>>> it would be difficult. >>> >>>Below is an ASP script sample. To try it, save it as "test.asp" and upload >>>it to a Windows based host, then enter the URL like the following: >>> >>>mysite.com/getfile.asp?SubID=1234 >>> >>>Some of the code came from this site: >>> >>>http://www.learnasp.com/freebook/asp/ >>> >>>The code below does simple checks. If you want it to check a database, see >>>"Databases" section in the link above for code samples. If you have a >>>Unix/Linux host, then you have to use something else, like PHP. Fortunately, >>>PHP runs on Windows, so you can test the script on a Windows machine, then >>>upload it to Unix/Linux host without modifications(Except CR/LF conversion >>>which is handled by most FTP software). See this site for PHP help: >>> >>>http://www.php.net >>> >>>Here is the ASP file: >>> >>><html> >>><head> >>><TITLE>Test</TITLE> >>></head> >>><body> >>><% >>>Option Explicit >>> >>>Dim SubID, fs, filename, f, s >>> >>>SubID=request.querystring("SubID") >>> >>>If SubID = "1234" Or SubID "1235" Then >>> ' Subscriber is black listed >>> Response.write "Access denied." >>>Else >>> ' Valid subscriber, send the file >>> >>> filename=server.mappath("/datafile.txt") >>> Set fs = CreateObject("Scripting.FileSystemObject") >>> Set f = fs.OpenTextFile(filename, 1, False) >>> s=f.readall >>> response.write s >>> f.Close >>> set f=nothing >>> set fs=nothing >>>End If >>>%> >>></body> >>></html> >>> >>> >>> >> >> >> I use an Apache server. >> >> Thanks anyway. :) >> >> Webbiz > >So... That above would be a fairly easy perl, python, or even shell script. >It's the idea that matters, right? I guess. Considering I have no idea how to do perl or python, it's a bet hard to say. <g> Webbiz
From: Webbiz on 15 Mar 2010 13:55
On Mon, 15 Mar 2010 00:41:58 -0500, "mayayana" <mayayana(a)nospam.invalid> wrote: > >> I use an Apache server. >> > Tom's right. It may not be worth it..it may >not be realistically doable...but it's probably >worth checking out. Most hosts provide PHP >support. I don't have much experience with >it myself, but I've found that there's a lot >available online in terms of free scripts. You >may be able to just use a simple script that >parses the URL and then adds an include with >the download link. > Yes, my site uses PHP for its webpages so its definitely supported. Wish I had the time to learn the stuff. Had it done professionally. But let's talk VB6. Is it possible to write an app that can log into a website forum? Is the only way to do this is with ASP? Webbiz |