javascript hack

[hvle]

For all javascript experts out there.

 

Is it possible make a web page that when user visited, the javascript on the page submit a pre-defined file (ie C:/windows/data.dat) to a predefined php script?

 

 

[mainewoods]

C:/windows/data.dat

javascript cannot access a local file, it can only access server files through ajax

[hvle]

C:/windows/data.dat

javascript cannot access a local file, it can only access server files through ajax

 

that's true, but how can ajax access server file?  What I meant access is read/write directly to file, not post/get.

[jaymc]

No to your question, javascript cant interact with windows in regards to security and files

 

have a link on your site called "cLICK_HERE_TO_DOWNLOAD_THIS,iTS_NOT_A_virus_honsetly.EXE"

 

mORE CHANCE of screwing someone with that

[mainewoods]

ajax can 'call' a php file on the server using the normal ajax connection, and that php file will execute.  Now that php file can do anything php has the power to do on your web host including create and read and write files on the server using 'fopen'.

 

It is possible for the user to go to a form on your web page, select a file from his computer using the 'browse' in connection with one of those form fields, and then that file is uploaded to the server using ajax.  Your server language, like php, can then install that file anywhere you want on your web site.

 

It is not possible, however, for javascript to access and upload a file on the users home machine to the server without the users direct interaction!  Nor are you allowed to download and install anything on the clients home machine without their direct interaction like clicking on a link that then pops up an alert box asking 'run file or save file?'.  If either of those things were allowed, the security dangers on the web would literally be thousands of times greater!