[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] ASP script using OpenTextFile

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] ASP script using OpenTextFile
From: Paul Tinsley <pdt@xxxxxxxxxxxxxx>
Date: Mon, 08 Mar 2004 20:03:49 -0600

Need some help from those out there versed in windows. I am auditing an ASP based (VBScript) application which uses OpenTextFile as follows:

Set f = fso.OpenTextFile(sLeadingPath + paramPageToRender + ".xsl", ForReading)

I have been able to ../../../../ all over the place, but it only allows me to pick up files ending with .xsl. I would like to print the contents of a non .xsl file to prove that not checking paths properly is a large issue. But I have had no luck making it ignore the .xsl I have tried ../../foo.txt%00 ../../foo.txt%0a ../../foo.txt%0d. But none of these seem to be working for me, does anyone know of a good way to end the file where I want and have it ignore the .xsl tacked on the end of the filename to be opened? Any help is greatly appreciated.

Thanks,
  Paul Tinsley

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] ASP script using OpenTextFile
  - From: Cael Abal

Prev by Date: Re: [Full-Disclosure] Has anyone seen this in their e-mail
Next by Date: [Full-Disclosure] Comcast using IPS to protect the Internet from their home user clients?
Previous by thread: Re: [Full-Disclosure] Has anyone seen this in their e-mail
Next by thread: Re: [Full-Disclosure] ASP script using OpenTextFile
Index(es):
- Date
- Thread