Re: ASP script using OpenTextFile
From: Cael Abal <lists2 () onryou com>
Date: Mon, 08 Mar 2004 21:58:57 -0500
Paul Tinsley wrote:
> Need some help from those out there versed in Windows. I am auditing
> an ASP-based (VBScript) application which uses OpenTextFile as
>
> Set f = fso.OpenTextFile(sLeadingPath + paramPageToRender + ".xsl",
>
> I have been able to ../../../../ all over the place, but it only
> allows me to pick up files ending with .xsl. I would like to print
> the contents of a non-.xsl file to prove that not checking paths
> properly is a large issue. But I have had no luck making it ignore
> the .xsl. I have tried ../../foo.txt%00 ../../foo.txt%0a
> ../../foo.txt%0d. But none of these seem to be working for me. Does
> anyone know of a good way to end the file where I want and have it
> ignore the .xsl tacked on the end of the filename to be opened? Any
> help is greatly appreciated.

You're right to raise concerns about this sort of code. Consider this:

sLeadingPath = "C:\"
paramPageToRender = "passwords.txt" + Chr(0)
set fso = CreateObject("Scripting.FileSystemObject")
set f = fso.OpenTextFile (sLeadingPath + paramPageToRender + ".xsl", 1)

You had the right idea; you only needed to figure out how VBS represents
\0. As you know, because strings are terminated with the null
character, the final string concatenation performed within
OpenTextFile() is disregarded.
(Heh, fear my leet VBS skills.)
Full-Disclosure - We believe in it.
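
A hardened form of the lookup discussed in this thread, as an added example that is not part of the original posts or the audited application. The function name ResolveTemplatePath, the TEMPLATE_ROOT path and the sample inputs are assumptions made for illustration. It rejects Chr(0) and anything outside a strict allow-list, then confirms the canonical path still sits under the template directory before a caller opens it.

```vbscript
Option Explicit

' Hypothetical template directory for this example; set to the real one.
Const TEMPLATE_ROOT = "C:\inetpub\app\xsl"

' Returns the full path of the .xsl file for pageName, or "" when the
' name is rejected. ResolveTemplatePath is a name chosen for this example.
Function ResolveTemplatePath(fso, pageName)
    Dim re, sName, root, candidate
    ResolveTemplatePath = ""
    sName = CStr(pageName)

    ' 1. Explicit NUL check: the terminator trick from the thread.
    If InStr(sName, Chr(0)) > 0 Then Exit Function

    ' 2. Allow-list: letters, digits, underscore, hyphen, 1-64 characters.
    '    Rejects "..", "\", "/", ":", dots and control characters before
    '    the value is ever concatenated into a path.
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]{1,64}$"
    If Not re.Test(sName) Then Exit Function

    ' 3. Canonicalise and confirm the result is still under TEMPLATE_ROOT.
    root = LCase(fso.GetAbsolutePathName(TEMPLATE_ROOT)) & "\"
    candidate = fso.GetAbsolutePathName(fso.BuildPath(TEMPLATE_ROOT, sName & ".xsl"))
    If Left(LCase(candidate), Len(root)) <> root Then Exit Function
    If Not fso.FileExists(candidate) Then Exit Function

    ResolveTemplatePath = candidate
End Function

' Constructed sample inputs; run with cscript. In ASP, pass the request
' parameter instead. "report" is accepted only if report.xsl exists.
Dim fso, samples, s
Set fso = CreateObject("Scripting.FileSystemObject")
samples = Array("report", "..\..\foo", "passwords.txt" & Chr(0), "a/b")
For Each s In samples
    If ResolveTemplatePath(fso, s) = "" Then
        WScript.Echo "rejected: " & Replace(s, Chr(0), "\0")
    Else
        WScript.Echo "accepted: " & s
    End If
Next
```

Validating the name before concatenation matters more than the canonical-path check here, because the appended ".xsl" gives no protection once the string can be cut short.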