Classic ASP Discussion - Reading ASP Code from a PHP Script

Print Page | Close Window

Reading ASP Code from a PHP Script

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=15413
Printed Date: 30 March 2026 at 3:26am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Reading ASP Code from a PHP Script

Posted By: xeerex
Subject: Reading ASP Code from a PHP Script
Date Posted: 09 June 2005 at 7:34pm

Hey guys (and gals),

I had a podcasting directory web developer post on my forum out of the blue to promote his directory/website. That was cool but it led to an interesting discussion on his scripts ability to "read ASP code". Here is a quote from him:

kaspar wrote:

My script actually reads the file on your server, not the rendered HTML. It's as if I downloaded your ASP file and looked for (some but not all) the xml tags.

To which I replied:

xeerex wrote:

Ummm -- you want to explain how that is possible since anything inside the ASP delimiters is preprocessed by IIS? Your script would have to parse through code and figure out my variables which is next to impossible assuming the code wasn't preprocessed.




'Write out the code for RSS items as we loop through them


    Response.Write("<item>")


    Response.Write("<title>"& strSongName &"</title>")


    Response.Write("<link>"& strFeedURL &"/"& objFile.Name &"</link>")


    Response.Write("<description>"& strAlbum &"</description>")


    Response.Write("<pubDate>"& strPubDateFile &"</pubDate>")


    Response.Write("<enclosure url="""&
strEnclosureURL &""" length="""& intFileLength &"""
type=""audio/mpeg""/>")


    Response.Write("</item>")

Anyone want to comment or weigh in on this? You don't have to reply on my forum (or you can). I just want some feedback on this.

[ http://www.rexpage.com/forum/forum_posts.asp?TID=348&PN=1&TPN=1 - Original Thread on my Forum ]

-------------
http://webspacegeeks.com - Need Hosting, Domains, Dedicated Servers?
http://www.smartergeek.com - web design | pc support | training | podcasts | video production

Replies:

Posted By: dpyers
Date Posted: 09 June 2005 at 8:10pm

is he banging your server through ftp?

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: xeerex
Date Posted: 09 June 2005 at 8:36pm

Nope.

-------------
http://webspacegeeks.com - Need Hosting, Domains, Dedicated Servers?
http://www.smartergeek.com - web design | pc support | training | podcasts | video production

Posted By: dpyers
Date Posted: 10 June 2005 at 6:40am

Only thing I could think of then is that somehow he's got access to the file system. Does he require that you run one of his scripts from your site?

Note that if he is using php from your site, the allow_url_fopen instruction is very insecure. There's a very right way to use the command and a very wrong way. The wrong way is the "easy" way and exposes your site to casual hackers.

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: ljamal
Date Posted: 10 June 2005 at 9:42am

If you check out the thread you'll see that he does say he is accessing XML not the physical file. Even the information he posts is XML not ASP.

No mystery here as he's not doing what you think he is.

-------------
L. Jamal Walton

http://www.ljamal.com/" rel="nofollow - L. Jamal Inc : Web/ Print Design and ASP Programming

Posted By: xeerex
Date Posted: 10 June 2005 at 7:06pm

wrote:

you'll see that he does say he is accessing XML not the physical file. Even the information he posts is XML not ASP.

Thanks for the feedback guys. Smile

In his last post, he figured out his script issue and admitted that he couldn't "read my scripts". I knew that he wasn't accessing any of scripts but he did state "My script actually reads the file on your server, not the rendered HTML. It's as if I downloaded your ASP file and looked for (some but not all) the xml tags." I still knew he couldn't read the ASP code without FTP access, but I wanted some more feedback in case he didn't comprehend that. Wink

-------------
http://webspacegeeks.com - Need Hosting, Domains, Dedicated Servers?
http://www.smartergeek.com - web design | pc support | training | podcasts | video production