Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Simple way of sharing source code.
 New Topic  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

dayve
Forum Moderator

USA
5820 Posts

Posted - 13 November 2001 :  01:45:06  Show Profile  Visit dayve's Homepage
Simplicity at its best. So many times I copy my asp files to txt for sharing but now I find it easier to read the asp like an fso object to display source and it is dynamic meaning up to date realtime code...

anyway, if anyone is interested in doing the same just create a page named something like:

display_source.asp

<%
asp=Request.QueryString("page")
set fso = createobject("scripting.filesystemobject")
set act = fso.opentextfile(server.mappath(asp))
read_asp = act.readall
act.close
response.write "<pre>" & server.htmlencode(read_asp) & "</pre>"
%>

put this in your forum directory and then you are done. calling the source for any page is simple. just enter this url:

http://www.yourpage.com/forum/display_source.asp?page=forum_page.asp

and here is a live example:

Members Page

I guess it would be just as simple to add a form element so you can directly enter the page you wish to view in an input field...

____________
dayve
http://www.nineinchnailz.com/forum

Edited by - dayve on 13 November 2001 01:46:27

dayve
Forum Moderator

USA
5820 Posts

Posted - 13 November 2001 :  01:49:00  Show Profile  Visit dayve's Homepage
I guess I should add a word of warning. if you have hard coded any kind of security passwords or other things that you don't want to share then be leary of using this. I for one do not hard code stuff like that. Also, it is possible to grab source from other directories as well. Just want to make sure everyone is aware of this.

____________
dayve
http://www.nineinchnailz.com/forum
Go to Top of Page

Classicmotorcycling
Development Team Leader

Australia
2084 Posts

Posted - 13 November 2001 :  03:11:29  Show Profile
Dayve,

That is a wicked piece of code. I tried it and it works great. Just got to be careful with it as it will show asp pages in sub directories, even in directories at the lower level.

An example would be to have the code in

http://www.yourpage.com/forum/display_source.asp

but you want to get the code from http://www.yourpage.com/direcotry/test.asp, well all you need to do is

http://www.yourpage.com/forum/display_source.asp?page=../direcotry/test.asp

and it will show it

Big word of caution, but great work just the same.

Regards,

Webmaster @ Classic Motorycling Australia
Classic Motorcycling Australia
Go to Top of Page

Da_Stimulator
DEV Team Forum Moderator

USA
3373 Posts

Posted - 13 November 2001 :  03:23:48  Show Profile  Send Da_Stimulator an AOL message  Send Da_Stimulator a Yahoo! Message
You could filter out those directory inputs...

if Left(request.querystring("page"), 3) = "../" then
'show error message
elseif Left(request.querystring("page"), 1) = "/" then
'show error message
else
'code here
end if

----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource
Go to Top of Page

redbrad0
Advanced Member

USA
3725 Posts

Posted - 13 November 2001 :  09:50:48  Show Profile  Visit redbrad0's Homepage  Send redbrad0 an AOL message
if anyone is using this also make sure you do not allow people to be able to view the source of config.asp. I tried it on Dayve and he did make it so you cant view his config.asp file which is really good so people dont know how to get to your database.

Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive

Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 13 November 2001 :  10:30:42  Show Profile  Visit dayve's Homepage
yeah, I threw some caution about this but maybe I should have emphasized a little bit more. definately hide scripts that point to databases such as config.asp as redbrad0 noticed I did. thanks for the parsing bit da_stimulator

____________
dayve
http://www.nineinchnailz.com/forum
Go to Top of Page

SimonT
Junior Member

United Kingdom
202 Posts

Posted - 13 November 2001 :  11:19:38  Show Profile
I love topics about security :-)
I have seen so many sites that have used just what Dayve has said it is realy good for newbe's to ASP to see how the code woks but its a real security nightmare. If you are going to use the code then you will need to do alot more secuirty checks to make sure that the code is secure. As I belive if you just add the security checks that Da_Stimulator says you might be able to get round it by using Encoded strings to get past the checks have not checked as I have no time see this code as just an example code.




Go to Top of Page

redbrad0
Advanced Member

USA
3725 Posts

Posted - 13 November 2001 :  11:28:04  Show Profile  Visit redbrad0's Homepage  Send redbrad0 an AOL message
good advice

Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive

Go to Top of Page

redbrad0
Advanced Member

USA
3725 Posts

Posted - 13 November 2001 :  14:39:46  Show Profile  Visit redbrad0's Homepage  Send redbrad0 an AOL message
Thinking about it, I think this would be a great file to add into the snitz files. This way when someone has a problem, people from the forum can view their asp files to see if they see a problem. but it would really have to be worked for security reasons. maybe the file just being in the tools zip file and make it so you can only read the directory that the file is in.

Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive

Go to Top of Page

SimonT
Junior Member

United Kingdom
202 Posts

Posted - 15 November 2001 :  03:15:35  Show Profile
mmm my idea did not work

http://www.nineinchnailz.com/forum/display_source.asp?page=%63%6F%6E%66%69%67%2E%61%73%70

Go to Top of Page

Da_Stimulator
DEV Team Forum Moderator

USA
3373 Posts

Posted - 15 November 2001 :  03:45:35  Show Profile  Send Da_Stimulator an AOL message  Send Da_Stimulator a Yahoo! Message
but mine did... I emailed you dayve about what I did and how you can fix it :) dont wanna post it here for security reasons

----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 15 November 2001 :  16:40:07  Show Profile  Visit dayve's Homepage
quote:

but mine did... I emailed you dayve about what I did and how you can fix it :) dont wanna post it here for security reasons

----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource



I didn't get the email for some strange reason. Please send it again and/or send it to dharris@hafresno.org thanks...

____________
dayve
http://www.nineinchnailz.com/forum
Go to Top of Page

Kenno
Average Member

Cambodia
846 Posts

Posted - 15 November 2001 :  18:21:07  Show Profile  Visit Kenno's Homepage
quote:

but mine did... I emailed you dayve about what I did and how you can fix it :) dont wanna post it here for security reasons

----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource



Well, it's good that you can find the security hole, however if you do not tell us, how do we know we can avoid those problems if we are to use the code above??? (just curious)

÷§÷ KhmerSite.net ÷§÷
Go to Top of Page

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 15 November 2001 :  23:18:21  Show Profile
quote:

Thinking about it, I think this would be a great file to add into the snitz files. This way when someone has a problem, people from the forum can view their asp files to see if they see a problem. but it would really have to be worked for security reasons. maybe the file just being in the tools zip file and make it so you can only read the directory that the file is in.

Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive



Great Idea Brad. I think just a function that checks permissions to see if you are allowed to view that file is needed. It would greatly reduce us who are helping users with thier forum, to see the source code of thier files.

Think I will work on this for my forum. Sourceforge has something like this on thier site. A "Show Source" link at the bottom of the pages.

- David
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 16 November 2001 :  00:16:32  Show Profile  Visit dayve's Homepage
quote:

quote:

but mine did... I emailed you dayve about what I did and how you can fix it :) dont wanna post it here for security reasons

----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource



Well, it's good that you can find the security hole, however if you do not tell us, how do we know we can avoid those problems if we are to use the code above??? (just curious)

÷§÷ KhmerSite.net ÷§÷



I think since I am actively using it he wants to show me how to plug the hole before exploiting this to other potential users of this code. in short, maybe don't use it until I find out what is causing my security issue here... I have not yet received an email about this

____________
dayve
http://www.nineinchnailz.com/forum
Go to Top of Page

Da_Stimulator
DEV Team Forum Moderator

USA
3373 Posts

Posted - 16 November 2001 :  00:41:03  Show Profile  Send Da_Stimulator an AOL message  Send Da_Stimulator a Yahoo! Message
My hotmail account wont open, I keep getting errors. I tried sending you an email from these forums, and I guess you didnt get it... maybe I'll Cheat and send you a 'send this topic to a friend' thing and put in the alternate email you gave me...

----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.25 seconds. Powered By: Snitz Forums 2000 Version 3.4.07