Register | Login | |||||
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
| |
0 users currently in Programming. |
User | Post |
HyperHacker Posts: 269/5072 |
I dunno how you'd do it in a CGI script, but just filtering '..' from the path should work. On a Windows system you might need to block ':' too to stop using absolute paths (C:\), not really sure. |
emcee Posts: 71/867 |
True, however depending where you put the script you may want access to a higher directory. I was thinking putting something like this before accessing files (after extracting $pass from $ENV{'QUERY_STRING'}, preferably with CGI.pm for better security):
unless(crypt('pass','xx') eq 'encryptedpass') { die('access denied'); } Doesn't matter really though since he hasn't replied he likely doesn't have cgi access and/or doesn't know what I'm talking about. That and you've been banned so you probably won't even read this. |
Vystrix Nexoth Posts: 13/14 |
if ($dir =~ /\.\./ or $dir =~ /^\//) { That'll sort out a number of problems. |
emcee Posts: 55/867 |
Do you have cgi access?
If so try this (make sure to save it as index.pl): #!/usr/local/bin/perl Really this isn't a very secure solution however, since you can browse the entire server, rather than just your files, but it wouldn't be to hard to add a password. |
Young Guru Posts: 33/279 |
Well, i guess the only other server that I was used to using was my highschool server which was run by one of the students. I think I remember not having to worry about capitalization so I guess he might've changed that in our server. |
FreeDOS + Posts: 99/1312 |
If they have an index.html fed automatically by the server, then no you can't. (The Konqueror thing only works for protocols that give you the files directly, eg FTP or locally stored things)
By the way, just about every server is case-sensitive. It's not just your school's server. |
Young Guru Posts: 32/279 |
I use firefox and I run my website off my school server. It's just that the server is really anal and if you don't capitalize everything correctly it doesn't work, so when I'm not at my computer where I can directly access my files it's sometimes hard to remember how to get to some files. But it appears that it can't be done cause I've looked through all my folders and I'm not seeing a .htaccess file. Thanks for the help. |
HyperHacker Posts: 216/5072 |
That depends. Are you trying to view a directory on a server or your hard drive? Or are you setting up a site? AFAIK no server system will give you a directory listing if an index page exists (unless you trick it somehow); it's a bit of a security concern. However, when I view my own HD in Firefox via file:///, it always lists them.
If you want to set up a directory that still lists its contents with an index page, I think .htaccess has such a setting. Or you could rename the index page. |
Vystrix Nexoth Posts: 9/14 |
That's a browser question, not an HTML question. I know in Konqueror it's under View -> Use index.html, but I'm going to go out on a limb and guess that you're actually using Windows/Internet Explorer... in which case I don't know what needs to be done, though I recall something about "View as web page" but can't find anything to that effect on this machine. |
Sukasa Posts: 59/2068 |
So far as I know, you can't. Sorry. |
Young Guru Posts: 30/279 |
Is there anyway to see the contents of a directory in a browser if the directory has an index.html file in it? |