wizzer
Joined: 05 May 2003 Posts: 10
Posted: Tue May 06, 2003 12:47 pm Post subject: Directories being created when calling asp script
First off...thanx for Abyss :D It rocks.
Second..my 1st attempt at using ASP succeeded. I installed a script that shows the contents of a server that is browseable - but whenever I call the script, it makes a series of directories within the "htdocs" folder. I've attached a screen shot to show you.
I've checked it out and it seems to be the script call that creates the dirs...so I was hoping someone here could help me understand why it's doing this, and is it a security risk?
Code:
<%Response.Expires=0%>
<html>
<STYLE TYPE="text/css">
<!--
A:link {text-decoration: none; }
A:visited {text-decoration: none;}
A:active {text-decoration: none;color:red; }
A:hover {text-decoration:underline;color:red;}
-->
</STYLE>
<body bgcolor="white"><center>
<Caption><b>FTP File Index</caption><BR>
Current Folder: </b>
<%
Dim curr_dir
curr_dir = Request.QueryString("dir")
Set obj = CreateObject("ListFiles.Files")
obj.AspFile = "list.asp"
obj.RootFolder = "d:\Guest"
obj.RootVirtualFolder = ""
obj.Href = "off"
obj.FPsupport = "off"
obj.CurrentFolder = curr_dir
obj.TargetLinks = ""
obj.ImageOpenFolder = "open.gif"
obj.ImageCloseFolder = "close.gif"
obj.ImageFiles = "doc.gif"
obj.AdvanceView = "on"
obj.CtrlRedirFile = ""
obj.setTableTag = "<table border=1 bordercolordark='#464646' cellspacing=0 bgcolor='#dcdcdc'>"
obj.setNameColName = "<b>Name</b>"
obj.setNameColSize = " <b>Size</b> <i>(bytes)</i>"
obj.setNameColLastMod = " <b>Last Modified</b>"
obj.setDivider = "<hr color='#b22222'>"
obj.Runme()
res = obj.Result
If curr_dir = "" then
curr_dir2 = "\"
else
curr_dir2 = curr_dir
end if
Response.Write "<b>" & curr_dir2 & "</b><p>"
Response.Write res
Set obj = Nothing
%>
</BODY>
</HTML>
vbgunz
Joined: 02 Feb 2003 Posts: 615 Location: Florida
Posted: Tue May 06, 2003 5:56 pm
That script looks really fishy and I'd like to know its purpose... It seems to be duplicating your system files which can hold some very private information... Not sure if it's just creating an empty directory mirror or if it's actually synchronizing with your %systemdrive%... Looks funny...
Just find out the purpose of the script and see if it's actually fulfilling its purpose, otherwise it doesn't look right...
_________________
Victor B. Gonzalez
http://aeonserv.com
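
Added example, not part of the thread or of the posted script: a Python check for the question raised in the post above, whether the directories appearing under htdocs are only an empty skeleton of the listed folder or also contain files. The function names and the sample tree (a temporary `Guest` and `htdocs` pair) are constructed for illustration; on a server, `mirrored_dirs` would be pointed at the real listed folder and web root.

```python
import os
import tempfile


def mirrored_dirs(listed_root, docroot):
    """Map each directory under docroot whose relative path also exists
    under listed_root to the number of files stored directly in it."""
    findings = {}
    for current, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        if rel != "." and os.path.isdir(os.path.join(listed_root, rel)):
            findings[rel.replace(os.sep, "/")] = len(files)
    return findings


def classify(findings):
    """Split findings into (empty skeleton dirs, dirs that hold files)."""
    empty = sorted(p for p, n in findings.items() if n == 0)
    populated = sorted(p for p, n in findings.items() if n > 0)
    return empty, populated


def build_sample(base):
    """Constructed sample: 'Guest' stands in for the listed folder,
    'htdocs' for the web root. None of this comes from the thread."""
    listed = os.path.join(base, "Guest")
    docroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(listed, "music", "live"))
    os.makedirs(os.path.join(listed, "docs"))
    # Mirrored in the web root: music/live is empty, docs holds a copy.
    os.makedirs(os.path.join(docroot, "music", "live"))
    os.makedirs(os.path.join(docroot, "docs"))
    with open(os.path.join(docroot, "docs", "readme.txt"), "w") as fh:
        fh.write("constructed sample file\n")
    # Ordinary site folder with no counterpart in Guest: must be ignored.
    os.makedirs(os.path.join(docroot, "images"))
    return listed, docroot


def demo():
    with tempfile.TemporaryDirectory() as base:
        listed, docroot = build_sample(base)
        return classify(mirrored_dirs(listed, docroot))


if __name__ == "__main__":
    empty, populated = demo()
    print("empty mirror dirs:", empty)
    print("mirror dirs containing files:", populated)
```

Any directory in the second list holds files that now sit inside the web root, so those are the ones to inspect first.
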
wizzer
Joined: 05 May 2003 Posts: 10
Posted: Tue May 06, 2003 6:15 pm
@vbgunz...
The script calls the directory structure of "D:\Guest" and displays it in a browseable type page. If I click on one dir, it goes into the sub-dirs, etc.
The script is working great and doing exactly what it's supposed to, except for making that series of dirs under htdocs.
It was a downloadable script, so I'm kinda curious about the Write statements towards the bottom of it.
I haven't been able to gain access to my system drive and nobody else has either..maybe time to look for another script that does the same purpose.
Thanx..
vbgunz
Joined: 02 Feb 2003 Posts: 615 Location: Florida
Posted: Tue May 06, 2003 7:55 pm
It might be doing exactly as intended, just I was thinking that if you really wish to just browse and not write to the C:\account you can probably create an alias to your C:\account instead of trusting a third party script to do it... Also I thought it was just strange to have a script mirror and write that account into your htdocs directory... It could be working as intended as I do not know what its intention is but an immediate look at it seemed weird...
I hope it works as intended and in a non-malicious way... Good luck :)
_________________
Victor B. Gonzalez
http://aeonserv.com
markgarrigan
Joined: 10 Jun 2003 Posts: 2
Posted: Thu Jun 12, 2003 6:18 am
This exact same thing is happening for me too?
Is it something I need to worry about security-wise....
os17fan
Joined: 21 Mar 2003 Posts: 531 Location: USA
Posted: Thu Jun 12, 2003 1:54 pm
I can't believe you all have never really seen these c:\ drive folder view scripts. Even I myself can't trust it. Go to your domain for your asp folder
http://yourdomain/ahtml/ and then click on samples at the bottom and you will find a folder view ASP script that lets you view your entire c:\ drive, but I deleted my samples folder so people can't see my hard drive.
THAT SCRIPT LOOKS VERY DANGEROUS TO USE, ESPECIALLY BECAUSE IT SHOWS YOUR ENTIRE HARD DRIVE TO YOUR VISITORS 8)
_________________
This web server is the best !