Cross-Site Scripting

**VantageX4** · Jan 15, 2005, 22:07

Does anyone know of any code for "cross-site" scripting? I want to access a directory from another site and run the files through a while loop to put them in a mysql database.

This is because my files are one server, and my site is on another. The reasoning for the setup ois that the site can become very slow with the file downloads, and theres also limited space on the server I'm hosting hte pages on.

**HardCoded** · Jan 15, 2005, 22:16

Look at FTP Functions

**VantageX4** · Jan 15, 2005, 22:31

Is FTP the only option? I have a weird problem with FTP on my server in that only the local IP address works, as opposed to 65.97.19.150.

**HardCoded** · Jan 15, 2005, 22:35

Is FTP the only option?

Maybe not. Is the home server running apache? If so I suppose you could read in and parse the directory index over HTTP.

**VantageX4** · Jan 15, 2005, 22:39

It is. How would this be accomplished? There's no index file for it, so I can't parse that...what do you suggest?

**HardCoded** · Jan 15, 2005, 22:45

Then you can't. Fix your NAT router and use FTP. Or use the auto-generated DirectoryIndex in apache.

**VantageX4** · Jan 15, 2005, 22:51

No, I'm saying I do have apache, but that I don't know how to use the DirectoryList. Could you suggest some PHP functions, or maybe a tutorial?

**HardCoded** · Jan 15, 2005, 22:56

Do you have any virtual hosts on the server or is it a stock setup?

**VantageX4** · Jan 15, 2005, 22:58

It's stock.

**VantageX4** · Jan 15, 2005, 23:53

Yeah I attempted the FTP, it didnt work. Whats your idea on apache's directory list parsing?

**HardCoded** · Jan 16, 2005, 00:21

First get indexes to work. Add a line like this in httpd.conf and restart apache:

Code:

<Directory />
    Options Indexes
    AllowOverride None
</Directory>

**VantageX4** · Jan 16, 2005, 00:29

It's already there.

**HardCoded** · Jan 16, 2005, 00:30

Then do you have any directives further down that would turn Indexes off?

**VantageX4** · Jan 16, 2005, 00:34

Not to my knowledge. Directory Indexing is on, I just don't know how to parse it.

**VantageX4** · Jan 16, 2005, 09:37

Alright, I'm back, sorry. So do you know how to accomplish it?

**HardCoded** · Jan 16, 2005, 09:58

So then you'd read the directory index in with fgets() or similar and parse the file with preg_match().

**VantageX4** · Jan 16, 2005, 10:03

Well, I have actually looked in to learning how to use regular expression, but I can't figure it out. Seems to be over my head. How would I "match" names of 100+ files anyway?

**HardCoded** · Jan 16, 2005, 10:11

Look at preg_match_all(). If you can match one, you can match billions of them. They all get stored in a nice two dimensional array that you can manipulate to your heart's content.

**VantageX4** · Jan 16, 2005, 10:19

What will the array look like? This is a hell of a lot more complicated than i thought it would be. I don't know how to use arrays either.

**HardCoded** · Jan 16, 2005, 10:42

Sorry, I don't have time to write the script for you. RTFM , try writing some code, come up with some more specific questions, and I'll be glad to help.

User Tag List

Thread: Cross-Site Scripting

Thread Tools

Display

Cross-Site Scripting

Bookmarks

Bookmarks

Posting Permissions