Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

disguising a cgi as a javascript: HOTSHOTS TAKE A STAB!

Status
Not open for further replies.
platypus55

platypus55

Programmer
Aug 15, 1999
32
0
0
US
this guy is providing dynamic content that can be accessed from any server. He does it like this...<br>
<br>
&lt;script language='javascript'<br>
src='<A HREF=" TARGET="_new"><br>
As you see, it looks like parameters are being passed to a js. I never heard of parameters being passed to a js THAT way but what do I know. Oneliners is the name of a database of his that he randomly pulls a one-liner out of. This has to be PERL, not JS. If you hack a little, you see that the &quot;javascript&quot; is just pure vainilla HTML. If you leave off a parameter, the HTML has '' where that parameter is supposet to go. This SMELLS like PERL. I know WHAT he is doing, just the details are a little fuzzy because I can't see the actual perl code. <br>
<br>
Given that the js is located in his bin directory, I am guessing it is actually a perl script that GENERATES the HTML<br>
Can ALL servers that support cgi do this? Because if they can, this is quite powerful. <br>
<br>
I tried to disguise one of my perl scripts as a javascript in a straightforward way and it didn't work. Would it perhaps be a serverside include? You normally can only do serverside includes on your own server, but if this can be made to work, you can effectively export dynamic content anywhere, which is exacctly what he is doing and what I also want to do. <br>
<br>
I asked him how he did this and he just said &quot;hee hee.&quot; So<br>
no help from him.<br>
<br>
I will keep hacking on it and answer my own question if no one else figures it out first. <br>
<br>
Please if someone can figure out this would they let me know.<br>
I am cross posting this in the PERL forum also. Thanks.
 
Sort by date Sort by votes
<br>
I'm no perl guru so I didn't exactly understand what you are trying to do.<br>
<br>
Are you trying to simply print the java script in the cgi file? Because you can have java script in a cgi file just like you can have html.<br>
<br>
And yes, all servers that support perl enables you to create cgi files that can generate html<br>
<br>
tony
 
Upvote 0 Downvote
Could be a couple of things going on here...<br>
<br>
First, I'm presuming the &quot;straightforward way&quot; you disguised your perl script was to rename &quot;myscript.pl&quot; to &quot;myscript.js&quot;? If so, then it's extremely possible that the web server is checking the file extension (.js) to see if it's a valid file to be executed. If &quot;.js&quot; isn't in it's &quot;safe to run&quot; list, it won't be running it...<br>
<br>
Second thing is that there is such a thing as server-side Javascript. ie, Javascript that runs on the server and sends it's results to the client. (I believe that one of Netscape's original goals for Javascript was write-once, run everywhere. Hence pinching the &quot;Java&quot; bit when renaming their scripting technology.)<br>
<br>
If memory serves, you just specify a link as in your example, and the browser reads the Javascript file and runs it. However, I don't think you'd be able to see the code that was produced if you &quot;View Source&quot; in your browser. The parameters that are passed in the link should appear to the script as standard CGI type parameters...<br>
<br>
One thing to remember if you do try to do things this way is that the script should be placed in a directory that is <b>not</b> known to the server as a CGI directory. ie, don't put it in your usual &quot;cgi-bin&quot; directory. If it is placed in a named CGI directory, the server will try to parse it and fail. (Although, it's very possible that a module might exist for your web server that will process and run server side Javascript...) The &quot;bin&quot; directory in the link in your example will be a standard directory. There's likely to also be a &quot;/perl&quot;, &quot;/cgi-bin&quot; or something similar on the server as well...<br>
<br>
However, I've got to say, this isn't something I've ever tried to do myself, so you might need to experiment if you give it a try :)
 
Upvote 0 Downvote
I think it's actually a little simpler that that. The guy simply reconfigured Apache to parse .js files as Perl or PHP or some server-side scripting language. The Javascript source file is actually a server-side script that outputs the text of a javascript command, with variables such as color, etc.. being passed in the URL, along with the quote, being called from the database. His process takes three steps: browser request with variables, server output of .js file with variables and quote, then Javascript doing a document.write to display the data in the browser window. The only thing coming from the database is the quote, while the rest is simply being passed along as variables. A clever way to reduce server processing to the bare minimum.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

newbie1238585
  • Locked
  • Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
110
mikrom
mikrom
Dino_1000
  • Locked
  • Question
Use the perl debugger to dump all the data in a string variable
Replies
0
Views
78
Dino_1000
Dino_1000
dan
  • Locked
  • Question
add a variable to subject in formmail.pl
Replies
6
Views
97
feherke
feherke
Limbomusic
  • Locked
  • Question
Perl files getting accessed directly
Replies
0
Views
66
Limbomusic
Limbomusic
ss_ham
  • Locked
  • Question
in Perl find call looking to exclude folder and ignore duplicate finds.
Replies
2
Views
73
ss_ham
ss_ham

Part and Inventory Search

Sponsor

Back
Top