Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

ASP script using OpenTextFile
From: Paul Tinsley <pdt () jackhammer org>
Date: Mon, 08 Mar 2004 20:03:49 -0600

Need some help from those out there versed in windows. I am auditing an ASP based (VBScript) application which uses OpenTextFile as follows:

Set f = fso.OpenTextFile(sLeadingPath + paramPageToRender + ".xsl", ForReading)

I have been able to ../../../../ all over the place, but it only allows me to pick up files ending with .xsl. I would like to print the contents of a non .xsl file to prove that not checking paths properly is a large issue. But I have had no luck making it ignore the .xsl I have tried ../../foo.txt%00 ../../foo.txt%0a ../../foo.txt%0d. But none of these seem to be working for me, does anyone know of a good way to end the file where I want and have it ignore the .xsl tacked on the end of the filename to be opened? Any help is greatly appreciated.

Thanks,
  Paul Tinsley

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault