Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
.shtml extension in VI
- Thread starter frogggg
- Start date
Hi mate,
You can check out the following script which allows you to simulate the use of SSI in any page.
One thing to remember, make sure that the password in your script is secure as this is a huge security thread otheriwse. The filename is enctypted depending on your password, if someone finds out this password then they have full access to any files on your machine..
Hope this helps Wullie
You can check out the following script which allows you to simulate the use of SSI in any page.
One thing to remember, make sure that the password in your script is secure as this is a huge security thread otheriwse. The filename is enctypted depending on your password, if someone finds out this password then they have full access to any files on your machine..
Hope this helps Wullie
- Thread starter
- #3
Hi mate,
All that this this tag does is pass a unix path to the cgi script and then the script decrypts it and displays the contents of the file that you specify.
For example,
Using the password "test" and file path / would give you an encypted tag something like the following.
<script src="
You place this on your page where you want the Include, and it reads that file and returns the contents (Just the same as SSI)
The security threat comes into it becuase the user can view source and see the tag (Unlike SSI) but they still won't see your password..
If a user knows your password for the script, then they could for example encrypt a path to any file on your server and then call the file directly in their browser.
Lets say that they use the path /www/ and there are multiple domains within this direcotry. The user enters the encrypted path using your password and calls it in the browser as something like
This will show them the /www/ directory and they then can browse the files held within..
If you use a good password then this eliminates this threat..
Hope this helps Wullie
All that this this tag does is pass a unix path to the cgi script and then the script decrypts it and displays the contents of the file that you specify.
For example,
Using the password "test" and file path / would give you an encypted tag something like the following.
<script src="
You place this on your page where you want the Include, and it reads that file and returns the contents (Just the same as SSI)
The security threat comes into it becuase the user can view source and see the tag (Unlike SSI) but they still won't see your password..
If a user knows your password for the script, then they could for example encrypt a path to any file on your server and then call the file directly in their browser.
Lets say that they use the path /www/ and there are multiple domains within this direcotry. The user enters the encrypted path using your password and calls it in the browser as something like
This will show them the /www/ directory and they then can browse the files held within..
If you use a good password then this eliminates this threat..
Hope this helps Wullie
- Thread starter
- #5
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question