Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Reading ASP Code from a PHP Script
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Reading ASP Code from a PHP Script
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
xeerex View Drop Down
Senior Member
Senior Member


Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601 		Post Options Post Options   Thanks (0) Thanks(0)   Quote xeerex Quote  Post ReplyReply Direct Link To This Post Topic: Reading ASP Code from a PHP Script
    Posted: 09 June 2005 at 7:34pm
Hey guys (and gals),

I had a podcasting directory web developer post on my forum out of the blue to promote his directory/website. That was cool but it led to an interesting discussion on his scripts ability to "read ASP code". Here is a quote from him:

Originally posted by kaspar kaspar wrote:


My script actually reads the file on your server, not the rendered HTML. It's as if I downloaded your ASP file and looked for (some but not all) the xml tags.


To which I replied:

Originally posted by xeerex xeerex wrote:


Ummm -- you want to explain how that is possible since anything inside the ASP delimiters is preprocessed by IIS? Your script would have to parse through code and figure out my variables which is next to impossible assuming the code wasn't preprocessed.





'Write out the code for RSS items as we loop through them


    Response.Write("<item>")


    Response.Write("<title>"& strSongName &"</title>")


    Response.Write("<link>"& strFeedURL &"/"& objFile.Name &"</link>")


    Response.Write("<description>"& strAlbum &"</description>")


    Response.Write("<pubDate>"& strPubDateFile &"</pubDate>")


    Response.Write("<enclosure url="""&
strEnclosureURL &""" length="""& intFileLength &"""
type=""audio/mpeg""/>")


    Response.Write("</item>")


Anyone want to comment or weigh in on this? You don't have to reply on my forum (or you can). I just want some feedback on this.

[ Original Thread on my Forum ]
Need Hosting, Domains, Dedicated Servers?
web design | pc support | training | podcasts | video production
Back to Top
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3937 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 09 June 2005 at 8:10pm
is he banging your server through ftp?

Lead me not into temptation... I know the short cut, follow me.
Back to Top
xeerex View Drop Down
Senior Member
Senior Member


Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601 		Post Options Post Options   Thanks (0) Thanks(0)   Quote xeerex Quote  Post ReplyReply Direct Link To This Post Posted: 09 June 2005 at 8:36pm
Nope.
Need Hosting, Domains, Dedicated Servers?
web design | pc support | training | podcasts | video production
Back to Top
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3937 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 10 June 2005 at 6:40am
Only thing I could think of then is that somehow he's got access to the file system. Does he require that you run one of his scripts from your site?
 
Note that if he is using php from your site, the allow_url_fopen instruction is very insecure. There's a very right way to use the command and a very wrong way. The wrong way is the "easy" way and exposes your site to casual hackers.


Edited by dpyers - 10 June 2005 at 7:09am

Lead me not into temptation... I know the short cut, follow me.
Back to Top
ljamal View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 16 April 2003
Status: Offline
Points: 888 		Post Options Post Options   Thanks (0) Thanks(0)   Quote ljamal Quote  Post ReplyReply Direct Link To This Post Posted: 10 June 2005 at 9:42am
If you check out the thread you'll see that he does say he is accessing XML not the physical file. Even the information he posts is XML not ASP.

No mystery here as he's not doing what you think he is.
L. Jamal Walton

L. Jamal Inc : Web/ Print Design and ASP Programming
Back to Top
xeerex View Drop Down
Senior Member
Senior Member


Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601 		Post Options Post Options   Thanks (0) Thanks(0)   Quote xeerex Quote  Post ReplyReply Direct Link To This Post Posted: 10 June 2005 at 7:06pm
Originally posted by wrote:

you'll see that he does say he is accessing XML not the physical file. Even the information he posts is XML not ASP.


Thanks for the feedback guys.Smile

In his last post, he figured out his script issue and admitted that he couldn't "read my scripts". I knew that he wasn't accessing any of scripts but he did state "My script actually reads the file on your server, not the rendered HTML. It's as if I downloaded your ASP file and looked for (some but not all) the xml tags." I still knew he couldn't read the ASP code without FTP access, but I wanted some more feedback in case he didn't comprehend that.Wink
Need Hosting, Domains, Dedicated Servers?
web design | pc support | training | podcasts | video production
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.