473,320 Members | 1,829 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Download ASP Script?

Oli
Alright people,
I'll get straight to the point.... Bascially a company I do some work for
has just gone bankrupt and is in liquidation and I want to get hold of one
of the ASP scripts off their webserver. It is only something basic that
takes the input of a dropdown box and takes you to the appropriate page (I
know this can be done with Javascript but I don't like it!).

Can someone please tell me how I can physically grab the script off their
server (I know the filename), OR tell me how I can make a similar script?

Many thanks in advance,
Oli
Jul 19 '05 #1
6 6987
If you want to get it off their server, go and ask them for it. You don't
steal things.

As for programming this yourself, it's trivial.

<select name="cboGoThere">
<option value="a">Value 1</option>
<option value="b">Value 2</option>
<option value="c">Value 3</option>
</select>

- - - - - - - - - -

Select Case Request.Form("cboGoThere")
Case "a"
strRedirect = "pageA.asp"
Case "b"
strRedirect = "someOtherPage.asp"
Case "c"
strRedirect = "whoCares.asp"
Case Else
strRedirect = "/"
End Select
Response.Redirect(strRedirect)

Cheers
Ken

"Oli" <ol*@NOSPAMoliwoods.co.uk> wrote in message
news:bm**********@titan.btinternet.com...
: Alright people,
: I'll get straight to the point.... Bascially a company I do some work for
: has just gone bankrupt and is in liquidation and I want to get hold of one
: of the ASP scripts off their webserver. It is only something basic that
: takes the input of a dropdown box and takes you to the appropriate page (I
: know this can be done with Javascript but I don't like it!).
:
: Can someone please tell me how I can physically grab the script off their
: server (I know the filename), OR tell me how I can make a similar script?
:
: Many thanks in advance,
: Oli
:
:
Jul 19 '05 #2
On Sun, 12 Oct 2003 23:38:26 +1000, "Ken Schaefer"
<ke*******@THISadOpenStatic.com> wrote:
If you want to get it off their server, go and ask them for it. You don't
steal things.

[snip]

Talking of getting ASP pages from a server. I'm new to the world of
ASP vbscript and thought that its basically impossible to get asp
files from asp servers, as typing in the filename runs the file.

Now with you NOT saying that its "not" possible to the guy - are you
say that it is possible in someway to get other peoples .ASP pages
from thier sites?

You've not got me worried as if its possible then what about all the
sensitive info stored in them (like DB connections with user &
passwords) etc.

If it is possible what about the global .ASA file?

please let me know is it or is it not possible to "steal" asp/asa
pages from someones website.

Thanks
Al.
Jul 19 '05 #3
There are few old exploits that allowed you to see ASP source code. Any
server that's patched is immune.

However, suppose the IIS site allows Frontpage authoring. All you'd need to
do is guess a username/password combination

Additionally, ASP pages are just text files on the server. If you can
somehow get access to the server (I assume that this guy knows a little
about the company, especially since he knows it's gone bankrupt), then you
can get access to the files.

etc, etc

So, the simple answer is "no" - without having something extra (eg
username/password), it's not possible to get ASP source code (.asp, .asa ),
however that's not to say its completely impossible.

cheers
Ken
"Harag" <ha***@softGETRIDOFCAPLETTERShome.net> wrote in message
news:k5********************************@4ax.com...
: On Sun, 12 Oct 2003 23:38:26 +1000, "Ken Schaefer"
: <ke*******@THISadOpenStatic.com> wrote:
:
: >If you want to get it off their server, go and ask them for it. You don't
: >steal things.
: [snip]
:
: Talking of getting ASP pages from a server. I'm new to the world of
: ASP vbscript and thought that its basically impossible to get asp
: files from asp servers, as typing in the filename runs the file.
:
: Now with you NOT saying that its "not" possible to the guy - are you
: say that it is possible in someway to get other peoples .ASP pages
: from thier sites?
:
: You've not got me worried as if its possible then what about all the
: sensitive info stored in them (like DB connections with user &
: passwords) etc.
:
: If it is possible what about the global .ASA file?
:
: please let me know is it or is it not possible to "steal" asp/asa
: pages from someones website.
:
: Thanks
: Al.
:
:
Jul 19 '05 #4
On Mon, 13 Oct 2003 08:18:07 +0100, Harag
<ha***@softGETRIDOFCAPLETTERShome.net> wrote:
On Sun, 12 Oct 2003 23:38:26 +1000, "Ken Schaefer"
<ke*******@THISadOpenStatic.com> wrote:
If you want to get it off their server, go and ask them for it. You don't
steal things.[snip]

Talking of getting ASP pages from a server. I'm new to the world of
ASP vbscript and thought that its basically impossible to get asp
files from asp servers, as typing in the filename runs the file.

Now with you NOT saying that its "not" possible to the guy - are you
say that it is possible in someway to get other peoples .ASP pages
from thier sites?


FTP, copy to floppy, have them email it, plenty of ways. No, you
can't just "View Source".
You've not got me worried as if its possible then what about all the
sensitive info stored in them (like DB connections with user &
passwords) etc.
Never ever store passwords or connection info where it would be
accessible. There are/were a number of attacks on IIS/Windows systems
that allowed viewing the files, all of which have been patched and
which have security fixes. Make sure you've applied them and locked
down the box.
please let me know is it or is it not possible to "steal" asp/asa
pages from someones website.


I can always walk in the door with a gun and make you copy it to
floppy for me, there's no "foolproof" method. Make sure you follow
good security practices.

Jeff
Jul 19 '05 #5
Hi
FTP, copy to floppy, have them email it, plenty of ways. No, you
can't just "View Source".
lol. it was the latter that I was more worried about. I'm more asking
from the point of view of a user other side of the world getting into
the asp files.
Never ever store passwords or connection info where it would be
accessible. There are/were a number of attacks on IIS/Windows systems
that allowed viewing the files, all of which have been patched and
which have security fixes. Make sure you've applied them and locked
down the box.
Hmm Where do you store the connection/password info ?

I have 1 ASP-VBSCRIPT CLASS .asp file that handles my connection to
the DB and even all the code for getting recordsets back in different
formats (Recordset or array or none)

I have my connection string set up as follows in the global.asa:

Application("DBConnection") = "Provider=SQLOLEDB; Data Source=(local);
Initial Catalog=dbname; User ID=[***USER***]; Password=[***PASS***];
Persist Security Info=True"

and in my class I replace the user & password bits with the actual
name & password... hmm thinking about it I dont need to store the
above in the Application object (this was from my old system before I
wrote the class lol)
I can always walk in the door with a gun and make you copy it to
floppy for me, there's no "foolproof" method. Make sure you follow
good security practices.


LOL, yea there is always that possibility :)

Al

Jul 19 '05 #6
On Tue, 14 Oct 2003 08:52:29 +0100, Harag
<ha***@softGETRIDOFCAPLETTERShome.net> wrote:
Hi
FTP, copy to floppy, have them email it, plenty of ways. No, you
can't just "View Source".
lol. it was the latter that I was more worried about. I'm more asking
from the point of view of a user other side of the world getting into
the asp files.
Never ever store passwords or connection info where it would be
accessible. There are/were a number of attacks on IIS/Windows systems
that allowed viewing the files, all of which have been patched and
which have security fixes. Make sure you've applied them and locked
down the box.


Hmm Where do you store the connection/password info ?


I store them in an include, outside the IIS website heirarchy. It's
not really *that* much safer, just that most of the hacks for
directory traversal or other means of viewing files on systems depend
on either a known folder structure (\\winnt\system32\etc...) or access
to the web folders. Placing connection string includes, as well as
databases, etc. outside the structure in a folder that isn't easily
guessable is just one more hurdle to get by.
I have 1 ASP-VBSCRIPT CLASS .asp file that handles my connection to
the DB and even all the code for getting recordsets back in different
formats (Recordset or array or none)

I have my connection string set up as follows in the global.asa:

Application("DBConnection") = "Provider=SQLOLEDB; Data Source=(local);
Initial Catalog=dbname; User ID=[***USER***]; Password=[***PASS***];
Persist Security Info=True"
I'm not fond of having connection strings in the global.asa, but part
of that stems from having to access different connections depending on
what's going on. There are arguments not to provide connection
information between sessions, instead creating and destroying
connections as needed, plus if you have pages that don't need a
connection, you're creating it for the user even if you never use it.
A lot of this depends on design considerations and has to do with
scalability issues, so each organization is affected differently.
and in my class I replace the user & password bits with the actual
name & password... hmm thinking about it I dont need to store the
above in the Application object (this was from my old system before I
wrote the class lol)


You don't, and it's probably not a smart programming move, though I
don't think it would affect security.
I can always walk in the door with a gun and make you copy it to
floppy for me, there's no "foolproof" method. Make sure you follow
good security practices.


LOL, yea there is always that possibility :)


Security is a matter of tradeoffs. You often trade security for
usability, until you get a balance that works in your specific
instance. What you need for security might not be the same as the kid
in his high school lab creating a project that will be destroyed next
month, or the CIA creating a system to share intelligence with other
agencies.

Jeff
Jul 19 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Rod | last post by:
Hi, I have a script that download any file to the user according to the parameters. I call the script like this: download.php?file=xxx/myfile.doc&file_short=myfile.doc My script is working...
4
by: D. Alvarado | last post by:
Hello, I would like to design a page that measures the user's download connection. Does anyone have an example link or script that might aid me in this task? Thanks, - Dave
3
by: Nathan Sokalski | last post by:
I have a webform that contains a button which I want to do three things: 1. Delete a record from a database 2. Let the user download a text file that is generated 3. Refresh the page to show...
2
by: Jan Paul van de Berg | last post by:
I have a piece of software that people can download and a third party promoting that software. In order for them to be able to count the number of downloads, I have to put a tracking code on my...
12
by: comp.lang.php | last post by:
index.php: // STUFF // STEP 1: imagecreatetruecolor ONLY IF GD 2.0+ SUPPORTED AND FOUND if ($this->isSuccessful && !$hasMogrified && $image && !$newImage &&...
1
by: Joey Nolan | last post by:
Hi, I have a PDF file on my site that I want to distribute freely but I want to be able to contact anyone who downloaded it to warn them about mistakes and modification and new versions and...
3
by: malaysiauser | last post by:
Dear all, Last year I install a download control script in Linux server. its working. This year i'd changed my hosting server to other company. i'd tried install the script. It was installed...
3
by: jainritesh | last post by:
Hello All, I want to confirm that the user is registered member before he is redirected to download link. How do i read URL stored in DB and redirect user to this URL in PHP, if there is no...
1
by: Tim Jones | last post by:
I have a web site where we offer MP3 downloads (yes, they are legal!). I've written a PHP script using readfile() (or fpassthru()) that sends the file using HTTP headers (via various header()...
1
KevinADC
by: KevinADC | last post by:
Note: You may skip to the end of the article if all you want is the perl code. Introduction Many websites have a form or a link you can use to download a file. You click a form button or click...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.