Re: Trouble executing ActiveXObject

From: McKirahan (News_at_McKirahan.com)
Date: 09/22/04 

Date: Wed, 22 Sep 2004 11:44:45 GMT

"Don" <no@adr.com> wrote in message
news:d45uk0p4epbjsbsfhnpbcq5koac4u9kd01@4ax.com...
> I'm trying to run the following page on my desktop from my host
> server. It works just fine if I run it from my desktop, but not if I
> run it from the server. I get "Error: Permission denied". I
> understand about the security issues surrounding ActiveX, but since
> I'm not accessinig any client-side files, I would think this should
> work. Any ideas would be appreciated.
>
> Thanks,
> Don
>
>
> <html>
> <head>
> <title>Test Script</title>
> <meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1">
> </head>
> <body>
> <script language="JavaScript" type="text/javascript">
> <!--
> //
> //
> var sCPCIndexPage1URL = [];
> var sCPCIndexPage1HTML = [];
> //
> // Get CPC index page 1
> //
> sCPCIndexPage1URL = "http://www.google.com";
> var xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
> xmlhttp.Open("Get",sCPCIndexPage1URL,false);
> xmlhttp.send();
> sCPCIndexPage1HTML = xmlhttp.responseText;
> //
> // Display page
> //
> var wind = window.open();
> wind.document.write(sCPCIndexPage1HTML);
> //-->
> </script>
> </body>
> </html>
>
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----

I first get the following error:

"This page is accessing information that is not under its control.
This poses a security risk. Do you want to continue? [Yes] [No]"

I have Microsoft's Visual Studio installed so I am offered a debug option.

If I click "No" then I get your "Permission denied" error on the line:

    xmlhttp.Open();

Its saying that this page does not have access to this object.

I've only used this technique inside of scripts not hosted Web pages.

You might experiment with changing your browser's security settings.

Relevant Pages

  • Re: escalating IUSR to admin rights via unicode and iis4
    ... 6- Try a command line net scan that can be uploaded to the web server ... any TCP/IP connections from your host through a middle host to ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Dropping syn+fin replies, but not really?
    ... Now we're required to run external security scans on some of the hosts, and they constantly come back with a "high" or "medium" severity problem: The host replies to TCP packets with SYN+FIN set. ... Since when did "pound ssl proxy" equal "aladdin web server"? ... You can let tcpdump only show specific ports and source/destination ...
    (FreeBSD-Security)
  • Re: Why use external email hosts?
    ... > an external host when they have Exchange. ... the IP of the other server, and open up port 25 to the other server. ... from a security standpoint. ... > 3) Too little bandwidth on the internet connection. ...
    (microsoft.public.windows.server.sbs)
  • Re: Help in WMI in ASP.net application
    ... WMI is supposed to be Microsoft's implementation of WBEM, ... the only way to achieve this is by hacking and damaging security. ... can't pass it to a second server. ... Using plain text passwords in a COMponent (security risk) ...
    (microsoft.public.scripting.wsh)
  • Re: Update
    ... First what was the security risk in the first place. ... Second if you use the openSUSE updates, as soon as Novell has done the ... This update fixes three memory corruptions within the X server which ...
    (alt.os.linux.suse)