Solved

# ASP - Domain availibility check

Posted on 2007-07-30
1,552 Views
HI,

A was programming ASP this week end and I found this very nice and popular script for domain availability check. (See below). The problem is, it does not seem to work well with .ca, .us .uk .info .biz .tv etc. Any .com .net or .org is working fine. Why? I just can't find the solution. Is there any other script available for this need or a way to make this one efficient?

Thanks

START SCRIPT
========================
<%
If request.form("domain")<>"" then

' Intruduce the url you want to visit
GotothisURL = "http://www." & request.form("domain")

' Create the xml object
Set GetConnection = CreateObject("Microsoft.XMLHTTP")
' Conect to specified URL
GetConnection.Open "get", GotothisURL, False
on error resume next
GetConnection.Send

' ResponsePage is the response, then print it out to the page

' Write response
if ResponsePage="" then
Response.write("This domain name may be available")
else
Response.write("This domain name is taken")
end if

Set GetConnection = Nothing

else
%>
<form method=post action=<% =request.servervariables("URL") %>>
<input type=text name=domain size=15 value="domain.com">
<input type=submit value="Find domain name">
</form>
<% end if %>

======================
END SCRIPT
0
Question by:SirTKC

LVL 3

Author Comment

HI,

I found out that if a domain is redirected this script is not working and return "This domain name may be available" option. So i guess i need ASP script that will look for a "whois" more then availability instead.

Is there a known good example on how to do it ?

Thanks
0

LVL 29

Expert Comment

There are 5 regional Internet registries, each of whom has their own whois database.  (http://en.wikipedia.org/wiki/Regional_Internet_Registry)

Were you using a *nix server you could execute a whois look up from the command shell and return the results to your web page.

If you are on a server you control, it is possible to call the wscript shell from ASP to execute a windows cmd shell command and return a status code.  Unfortunatly, whois is not a command in windows.

Your script simply checks if a default web page exists for a given domain, which tells you nothing about domain availability. I personally have a dozen domains which have no default pages and in fact go no where.  e.g. no IP for the domain.

http://www.rodsdot.com/ee/arin_whois.asp

Is an example for using ASP to directly query the ARIN registry.

Using that, you should find it easy to direct queries at other registries.

0

LVL 3

Author Comment

Hi,

Thanks for your suggestion. However, I have tried it with a couple of .ca and .net domain and it is not working. From what I understand, ARIN is the search the North American registry. So why it does not return any result from these top level domain extension?

Another Idea I got si simply ping the domain and If I get an IP for a particular domain, Can I assume that it exist ? And where can I find the ASP Code to do it - Just getting a response without the TTL info.

0

LVL 29

Expert Comment

Actually, after posting the first code I remembered you need a bunch of weird swithches to pass for lookup by domain name...the help file is on the site.

Pinging the domain will tell you nothing about the availability of domain name (e.g. if it is registered or not.)

And yes that is only one of five registries, and you need to check each.

Another option in InterNIC.  One stop shopping for whois info, except it times out more than 9 time out of ten.

http://www.rodsdot.com/ee/whois_ajax.asp maybe more to your liking.  However, you will need permission from the person hosting the whois server tool before I can release the entire code.
0

LVL 29

Assisted Solution

This list may provide a suitable whois target server for the above script.

OR

You can run PERL on Windows (IIS) and many Windows hosts offer PERL and/or allow cgi-bin files.  So you could use the above with something like:

http://www.cpan.org/authors/id/Q/QO/QOS/Networking/IPLU_v3_0.plx so that you are calling your own server and not using other peoples resources.

OR

There are WHOIS clients for Windows you could install on your IIS machine, however a hosting provider probably would not allow that.

Freeware: http://www.gena01.com/win32whois/

And if you rely on a windows command line WHOIS tool, here is how to
An example of calling a command shell from ASP, but there are potential security roadblocks.

<%
Dim wshell, intReturn
set wshell = server.createobject("wscript.shell")
intReturn = wshell.run("%comspec% /c dir *.* > c:\test.txt", 0, True)
Response.Write( intReturn )
set wshell = nothing
%>

The server settings must be loose and this won't work on most shared hosting servers, for obvious reasons.

Another example...calling a ping, pipeing the out put to a file and the reading the results from that file, also requires the same server settings as the above script:

<%
Dim objFSO, objShell, objTempFile, objTextFile

Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objShell = Server.CreateObject("Wscript.Shell")
objName = objFSO.GetTempName
objTempFile = objName
objShell.Run "cmd /c ping -n 3 -w 1000 64.126.4.193 >" & _
objTempFile, 0, True
Set objTextFile = objFSO.OpenTextFile(objTempFile, 1)
Do While objTextFile.AtEndOfStream <> True
If Instr(strText, "Reply") > 0 Then
End If
Loop
objTextFile.Close
objFSO.DeleteFile(objTempFile)
%>

And the permission required is for IUSR_machine to have execute permissions on command.com, which of course could allow a remote user to completely destroy your machine if their is ANY vulnerability that would allow them to inject code on your server.
0

LVL 3

Author Comment

I do have complete control on the server and it is IIS 6.0.  I will explore you suggestion Rod. This is the one that comes close to what I am looking for.

I already downloaded the exe file available on the website. I've tried it and got pretty detailed results out of my search. But what I don't understand is that its not an installer i got but an exe file ?
0

LVL 3

Author Comment

I shall have mentioned that the exe file I've tried is the WIN32WHOIS.
0

LVL 29

Expert Comment

Well if IUSR_machine has execute permissions on the exe, and you have windows script host installed on the server, then call your program like the ping example:

objShell.Run "WIN32WHOIS.EXE domain.com > whois.txt", 0, True

or maybe

objShell.Run "cmd /c WIN32WHOIS.EXE domain.com > whois.txt", 0, True

Then use the FileSystemObject to open, read and/or parse the data as needed.
0

LVL 29

Expert Comment

This is why I'm running PHP along side ASP on the IIS boxes I control.  This is simple from PHP, and you can get the results in your ASP pages using client side XMLHTTP.
0

LVL 29

Expert Comment

FWIW, someone's selling essentially the same code I posted for $10 on one of the script sites to get results from WHOIS.NET, however I'm not seeing anything in WHOIS.NET that allows that use of their server. If you are doing a few queries, maybe it isn't an issue but if your page would be doing bulk lookups, I'm pretty certain WHOIS.NET is going to block your IP and/or demand you stop using their servers in that way. I'm just not qualified to say. Google code search shows people using some of my original code without following the CC attribution, on the other hand many people also ask for commercial licenses. I'm generally not in the mood to bother the ones I found without attribution, but if for example people query my example for above from a form on their server, I'll ban their IP. It gets touch when you use someone else's resources and bandwith without asking. So I'm glad your going to try to do this on your server. You may have to open a new question re: windows scripting in the Windows Server area to get your proper permissions set up. 0 LVL 51 Expert Comment > I found out that if a domain is redirected this script is not working and return "This domain name may be available" option. if you get a redirect, then the domain is used for sure > .. ARIN .. So why it does not return any result from these top level domain extension? 'cause the registry is *mainly* responsible for that region but also may or may not hold the information of a specific domain for historical reason > .. simply ping the domain and If I get an IP for a particular domain, Can I assume that it exist ? depends on the system where you issue the ping command *and* the implementation of ping. I'd argue that anything on windoze is unreliable for your purpose while most *x systems will work as you expect ;-) > Pinging the domain will tell you nothing about the availability of domain name (e.g. if it is registered or not.) sorry, that's not really true. If ping resolves names (see my previous comment) reliable, then you know that it must be registered. According your problem/question: "whois" I agree with previous suggestions that you have to query the all (5) well known registrars for your domain. Then parse the result and check if any returned if it is registrated. As most whois services deny multiple queries (for good reason:) this will be a tricky program. I'd go another way and simply use nslookup (probably not on windoze, for obvious reason see above) or better dig and query the DNS. Any registered domain should be found this way in a very short time (< 1sec). KISS - keep it simple stupid BTW, you're using the domain value from your form totally unchecked, I guess that you're aware that this will open your form for countless web application attacks such as XSS, website spoofing and much more ... 0 LVL 3 Author Comment ahoffman, I find your comment very interesting. I am myself an adept of the KISS rule. What do you suggest me to use (please refer to a URL for a detailed documentation) that would fit in a windozer environment. I might NOT KISS you for that but certainly be very grateful !! :-) 0 LVL 51 Expert Comment get a version of dig for your system, then we can provide a simple command line for you, best you also get grep or egrep too If you want to have all in one script, I'd use perl for that ... . 0 LVL 3 Author Comment All right, I did my home work ! I got myself a copy of DIG, installed it, did what they say at http://members.shaw.ca/nicholas.fong/dig/ Tried it using CMD prompt just to make sure and it worked beautifully. I have to mention that it worked very well also with .ca domains. What's next sir ? I am anxious to see how this is going to work with all these different domain extensions ! TIME TO LEARN :-) 0 LVL 51 Expert Comment ok, we need to parse dig's output Do you prefer windoze standard tool (will become cumbersome), I'd suggest that you install gawk also. As I don't have any windoze, please post output of a dig command for an existing domain, and for a non-existing domain, the I'll give the proper command line to make the checks. 0 LVL 3 Author Comment Hi, Sorry for the delay in my response. But here is the information you requested. What is gawk? DIG'S OUTPUT ========================================================== [EXISTING DOMAIN] C:\DIG>dig google.com ; <<>> DiG 9.3.2 <<>> google.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 773 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 241 IN A 64.233.167.99 google.com. 241 IN A 72.14.207.99 google.com. 241 IN A 64.233.187.99 ;; Query time: 78 msec ;; SERVER: 10.0.0.2#53(10.0.0.2) ;; WHEN: Wed Aug 08 14:04:37 2007 ;; MSG SIZE rcvd: 76 =========================================================== [NON EXISTING DOMAIN] C:\DIG>DIG nonexistingdomainblablabla.com ; <<>> DiG 9.3.2 <<>> nonexistingdomainblablabla.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1188 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;nonexistingdomainblablabla.com. IN A ;; AUTHORITY SECTION: com. 900 IN SOA a.gtld-servers.net. nstld.verisi gn-grs.com. 1186596452 1800 900 604800 900 ;; Query time: 156 msec ;; SERVER: 10.0.0.2#53(10.0.0.2) ;; WHEN: Wed Aug 08 14:07:45 2007 ;; MSG SIZE rcvd: 121 0 LVL 51 Expert Comment dig whatever.tld | gawk '((NF==5)&&($3=="IN")&&($4=="A")){print$1" exists"}'
0

LVL 3

Author Comment

I am sorry but... what is it ?

1. Do I need to install gawk on our server in order to execute this line of code ?
2. Where do i put this code ? on my ASP page?
0

LVL 51

Expert Comment

oops, lost the focus on this thread, it be should ASP, sorry.
Is ASP the requirement, or could it be anything else?
0

LVL 3

Author Comment

Actually, a solution remains a solution. For sure I will seek for a solution in a language I am familiar with. But down the road, if nothings suite our needs I will certainly listen to any other solution that will be compatible with our Win SBS 2003 with IIS 6.0. Any IT manager will try to avoid - as much as they can - to install all bunch of scripting languages on the same web site - this is really cumbersome ;-) But I am always willing to learn and discover new frontiers ! If not, I wouldn't be doing that job ;-)

The DIG you made me install (on my workstation for testing purposes) is just great, but in CMD. If you have a method to make this usable via our website, you'll be our genius of the day !

Keep your focus ! hahaha !!

Many thanks for your patience and help !!!!!!!!
0

LVL 51

Expert Comment

ok, lets wait for ASP gurus first ;-)
0

LVL 3

Author Comment

Well they don't show up...
If you know a trick to call them, let me know ! ;-)
0

LVL 51

Expert Comment

meanwhile, 'til gurus join, you may install gawk http://gnuwin32.sourceforge.net/packages/gawk.htm and test if my suggestion is worth to be improved ..
0

LVL 3

Author Comment

Okay, Gawk is installed and where do i plug this line of code you provided ?
I still have no clue what gawk is...
0

LVL 3

Author Comment

I have tried this line of code in CMD and i got the following result;

){PRINT WAS UNEXPECTED AT THIS TIME.
0

LVL 51

Expert Comment

damn, forgot that it is windoze ... please try following in cmd.exe:
dig whatever.tld | gawk "((NF==5)&&($3=='IN')&&($4=='A')){print $1' exists'}" 0 LVL 3 Author Comment I,ve tried it and it returns that: "gawk" is not a recognized as a program or batch file... some sort of message... 0 LVL 29 Expert Comment Would be easier I think to simply pipe the output from dig to a file and open that file in your ASP page using the File System Object. e.g. dig google.com > did.txt You're still going to need to execute a wscript shell from you ASP page to execute dig and following that with a FSO to open and parse the file isn't going to be difficult. Even with gawk, you still need to call the script shell to execute the line and won't have returned the results to your ASP page. So either way you'll need FSO. FWIW. 0 LVL 29 Expert Comment Would be easier I think to simply pipe the output from dig to a file and open that file in your ASP page using the File System Object. e.g. dig google.com > did.txt You're still going to need to execute a wscript shell from you ASP page to execute dig and following that with a FSO to open and parse the file isn't going to be difficult. Even with gawk, you still need to call the script shell to execute the line and won't have returned the results to your ASP page. So either way you'll need FSO. FWIW. 0 LVL 3 Author Comment I read your point. How would I pipe this output through an ASP page? And grab the TXT file content back into the result page? 0 LVL 51 Expert Comment > .. "gawk" is not a recognized as a program or batch file .. you either need to use x:\full\path\to\gawk.exe or add x:\full\path\to\ to your PATH environment variable > Would be easier I think to simply pipe the output from dig to a file and open that file in your ASP page using the File System Object. could ASP no start dig itself? 0 LVL 29 Expert Comment >could ASP no[t] start dig itself? Yes...see the post http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_22729632.html#a19605715 above. But I don't think you are going to get any results from the command passed back to the ASP page. 0 LVL 51 Expert Comment > But I don't think you are going to get any results from the command passed back to the ASP page. LOL, someone told me that this is a modern language/tool, I guess I'll stick on 42+ year-old pipes :-]] *SCNR* 0 LVL 3 Author Comment When we assist, powerless, to the collision of two philosophies... :-) BUT ! We may run DIG using ASP, this I can understand this one. Can we parse the parameters (query like: DIG mydomain.tld) to DIG thru ASP and THEN, output the results to a TXT file that ASP will read afterward and bring the results to the web page? In order to make more functional, we could give RWD rights in order to use always the same file (meaning same parameters in ASP). Is this possible, or I do have hallucinations ? 0 LVL 51 Accepted Solution don't know the syntax of ASP, but if there is something like: Set ex = Server.CreateObject("ASPExec.Execute") ex.Application = "dig.exe" ex.Parameters = ">%TEMP%\dig.txt" Response.Write ex.ExecuteDosApp you should be fine (just to show the exec call). 0 LVL 29 Expert Comment >BUT ! We may run DIG using ASP, this I can understand this one. >Can we parse the parameters (query like: DIG mydomain.tld) to DIG thru ASP >and THEN, output the results to a TXT file that ASP will read afterward >and bring the results to the web page? When you execute the command, the command writes its results to a text file...no need for ASP to do that. Then ASP reads the newly created file. You could use gawk to parse the return from dig and pipe its results to a file, or you could simply pipe the results of the dig to a file and use ASP to parse the results. I don't see the need for GAWK, but that is simply a matter of taste. >In order to make more functional, we could give RWD rights in order to use always the same file (meaning same parameters in ASP). Exactly. Without a helper DLL you have the WSCRIPT host object to execute you command and pipe the results to a TXT file. Then you read and parse the file with the File System Object. The ASPExec object mentioned by ahoffmann was a dll file made available by the Server Objects company, and could be easier to setup and use than the WSCRIPT shell. Unfortunately, I no longer see that product listed on their web site. Below is a link to an article using that object to execute a command script and then using the File System Object to verify the date of the file created from the command script. http://www.4guysfromrolla.com/webtech/072199-2.shtml 0 LVL 29 Expert Comment >LOL, someone told me that this is a modern language/tool, I guess I'll stick on 42+ year-old pipes :-]] ASP is orphaned, and MS intended it to be used with ActiveX (which opened up a big can of worms.) Without those OCX or DLL objects it had little built in server side interaction. 0 LVL 3 Author Comment Hi guys, Sorry for my late reponse, I've been away from my desk for a while. Let me recap this all, I can install DIG on the server where the website is running. 1- Using ASP, I can run DIG by sending a request containing my whois search. 2- Dig in return will return the results to the same TXT file (write or overwrite the existing one) 3- Then ASP will grab this information and pipe the results to the web page at the great satisfaction of the visitor and the web master (of course). If the ASPExec is no longer available, is there another path to do that? A piece of code as example will help for sure ! Thanks ! 0 LVL 29 Expert Comment <% Dim wshell, intReturn set wshell = server.createobject("wscript.shell") intReturn = wshell.run("%comspec% /c dig whatever.tld > c:\Inetpub\wwwroot\yourpath\digresults.txt", 0, True) Response.Write( intReturn ) set wshell = nothing %> intReturn should be zero (if I recall correctly) upon successful execution. You'll need dig to have execute permissions for the IUSR_machinename account, and the path to dig should be in the PATH environment variable or specified when you execute the command. Similarly IUSR_xxxxxxxx needs read, write on the text file, and I would not put that file in the root web. 0 LVL 3 Author Comment Hi, I've never felt so close to the goal... I did deployed and tested DIG on our server 2003. It worked A1. DIG is installed on the C drive in the DIG folder IUSR account has been granted read and execute to the DIG folder and its content I have created a txt file in the path C:\Inetpub\wwwroot\FSO with the RW permission to IUSR I have created an ASP page with this code. ========================================================= <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> </head> <body> <% Dim wshell, intReturn set wshell = server.createobject("wscript.shell") intReturn = wshell.run("%comspec% /c dig google.com > C:\Inetpub\wwwroot\FSO\dig.txt", 0, True) Response.Write( intReturn ) set wshell = nothing %> </body> </html> ========================================================= And it returned ; Microsoft VBScript runtime error '800a0046' Permission denied /dig.asp, line 14 With the appropriate permissions settled, Is this related to IIS 6.0 tighter permissions ? What the googa am i doing wrong? 0 LVL 29 Expert Comment >Permission denied Then either one of two things happened. Either the interactive user (whether IUSR_MachineName or an authenticated user) does not have permissions to the file or folder being executed; or, the interactive user does not have permissions to one or more of the commands being called within the file. Don't get caught up in the common assumption that IUSR_machineName is included in the "Everyone" group... and don't just give "Everyone" full access to this folder, or put IUSR in the Administrators group. You have to explicitly give IUSR permissions to file, folder, and anything else that the command has to touch. See http://support.microsoft.com/default.aspx/kb/311481 if you are running IIS 6 0 LVL 29 Expert Comment Make sure IUSR_xxxxxxxxx has permisions to read/execute on cmd.exe and wscript.exe as well. If that doesn't get it then you can try www.sysinternals.com to get their file monitoring program for free that will give you access denied reports. 0 LVL 3 Author Comment I gaved permission to these two exe files. Matter of fact now I don't get any error. I just "1" on my asp page in response to this Dim wshell, intReturn set wshell = server.createobject("wscript.shell") intReturn = wshell.run("%comspec% /c dig microsoft.com > C:\Inetpub\wwwroot\FSO\dig.txt", 0, True) Response.Write( intReturn ) set wshell = nothing I already installed FileMon because it lead me to this track an hour ago. I get these 9:40:15 PM w3wp.exe:8048 QUERY INFORMATION C:\inetpub\wwwroot\dig.asp BUFFER OVERFLOW FileAllInformation 9:40:15 PM cmd.exe:1256 DIRECTORY C:\windows\system32\inetsrv\ NO SUCH FILE FileBothDirectoryInformation: dig"* 9:40:15 PM cmd.exe:1256 DIRECTORY C:\windows\system32\inetsrv\ NO SUCH FILE FileBothDirectoryInformation: dig 9:40:15 PM cmd.exe:1256 DIRECTORY C:\WINDOWS\system32\ NO SUCH FILE FileBothDirectoryInformation: dig"* 9:40:15 PM cmd.exe:1256 DIRECTORY C:\WINDOWS\system32\ NO SUCH FILE FileBothDirectoryInformation: dig 9:40:15 PM cmd.exe:1256 DIRECTORY C:\WINDOWS\ NO SUCH FILE FileBothDirectoryInformation: dig"* 9:40:15 PM cmd.exe:1256 DIRECTORY C:\WINDOWS\ NO SUCH FILE FileBothDirectoryInformation: dig 9:40:15 PM cmd.exe:1256 DIRECTORY C:\WINDOWS\System32\Wbem\ NO SUCH FILE FileBothDirectoryInformation: dig"* 9:40:15 PM cmd.exe:1256 DIRECTORY C:\WINDOWS\System32\Wbem\ NO SUCH FILE FileBothDirectoryInformation: dig 9:40:15 PM cmd.exe:1256 DIRECTORY C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ NO SUCH FILE FileBothDirectoryInformation: dig"* 9:40:15 PM cmd.exe:1256 DIRECTORY C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ NO SUCH FILE FileBothDirectoryInformation: dig 0 LVL 3 Author Comment You can check it out here http://art-systems.net/dig.asp 0 LVL 3 Author Comment This link does not apply http://support.microsoft.com/default.aspx/kb/311481 It is application mapping for file extension settings 0 LVL 29 Expert Comment I think you are almost there. Is dig writing the text file? If not, is dig in your path and have IUSR_xxxxxx read/write permissions? 0 LVL 3 Author Comment No dig is not writing the TXT file. It have the IUSR_xxxxx read/write permissions? But I miss the "dig in your path" part. Is this should be ; 1. on the c drive directly ? 2. in the windows\system32 folder ? 3. at the same location as the txt file ? When I type in the command window the exact same string as you provided, it write the TXT file. But in ASP it won't. I know I feel this solution at my grasp !! 0 LVL 3 Author Comment I want to add this observation. The TXT file is cleared by the ASP Script ! If there is any content on this file, it'll be erased by the script execution, but in return, it does not write the query response in this TXT file. In fact it should replace what's already there instead of erasing it ... (???) 0 LVL 51 Expert Comment if you can run dig using wshell and parse the result in ASP, I'd do it with wshell completely and let ASP only display the result Response.Write(wshell.run("%comspec% /c dig microsoft.com | gawk \"((NF==5)&&($3=='IN')&&($4=='A')){print$1' exists'}\"", 0, True))

' Note1: don't know how to escape " inside wshell.run, I assumed \"
' Note2: you probably need to use full paths to dig.exe and gawk.exe

In the end I don't see what ASP should be good for in this scenario ...
0

LVL 3

Author Comment

I don't plan to Response.Write all the information to the web page but give instead a positive answer only if the domain is available and then offer the the option to request the registration process OR if it's unavailable then ask to make a new search.

I have seen many registrars using scripts that suggest alternatives with slight variances of the targeted domain search. I don't plan to go as far. I found these script on the NET but they were all products you need to purchase (and wayyyyy to expensive).

ON another hand, I read so much on this possibility of running a .exe or .bat using ASP and then parse the results over a web page that I believe DIG should do the job without the need of adding another process such GAWK. ( I am a purist - the less the better on Windows).

However, I went as far as making DIG reaching that TXT file. It erase its content but it does not write to it the results of the domain check. In return on my ASP page I get  the number "1" displayed but this number doesn't even exist on the TXT file... I am quit lost...

NOTE: I don't know how to edit the wshell.run string. I don't even know what's the "0" and the "True" stands for :-/ and I have read that playing with it may drop your server into a infinite loop that will end into a crash. Scary...

On my next steps will be to try another EXE (any that will parse information back to my web page) and see. It might be related to this BUFFER OVERFLOW I get in FileMon (see above) I don't know but something is sure - I WONT QUIT !

Thanks :-)

0

LVL 3

Author Comment

10:24:16 AM      w3wp.exe:5836      OPEN      C:\inetpub\wwwroot\dig.asp      SUCCESS      Options: Open  Access: Read
10:24:16 AM      w3wp.exe:5836      QUERY INFORMATION      C:\inetpub\wwwroot\dig.asp      SUCCESS      FileFsVolumeInformation
10:24:16 AM      w3wp.exe:5836      QUERY INFORMATION      C:\inetpub\wwwroot\dig.asp      BUFFER OVERFLOW      FileAllInformation
10:24:16 AM      w3wp.exe:5836      CLOSE      C:\inetpub\wwwroot\dig.asp      SUCCESS
0

LVL 3

Author Comment

Here is what I've tried

Dim wshell
set wshell = server.createobject("wscript.shell")
Response.Write(wshell.run("%comspec% /g dig microsoft.com", 0, True))
set wshell = nothing

Response = "1"

Dim wshell
set wshell = server.createobject("wscript.shell")
Response.Write(wshell.run("%comspec% /g dig microsoft.com", 0, False))
set wshell = nothing

Response = "0"
0

LVL 3

Author Comment

NOTE: I have moved the DIG.EXE to the "G" drive.
0

LVL 3

Author Comment

Here is now the test I made

set wshell = CreateObject("WScript.Shell")
wshell.run "%COMSPEC% /C dir c:\ > C:\Inetpub\wwwroot\FSO\dig.txt", 0, TRUE
set wshell = nothing

set fso = CreateObject("Scripting.FileSystemObject")
set fs = fso.openTextFile("C:\Inetpub\wwwroot\FSO\dig.txt", 1, TRUE)
fs.close: set fs = nothing: set fso = nothing

++ it work beautifuly ++

NOW THIS

set wshell = CreateObject("WScript.Shell")
wshell.run "%COMSPEC% /C dig microsoft.com c:\ > C:\Inetpub\wwwroot\FSO\dig.txt", 0, TRUE
set wshell = nothing

set fso = CreateObject("Scripting.FileSystemObject")
set fs = fso.openTextFile("C:\Inetpub\wwwroot\FSO\dig.txt", 1, TRUE)
fs.close: set fs = nothing: set fso = nothing

++ GIVES ME :
Microsoft VBScript runtime  error '800a003e'

Input past end of file

/dig.asp, line 26

wHICH line 26 is  response.write replace(replace(fs.readall,"<","<"),vbCrLf,"<br>")

So it can write the TXT file. It's just not parsing the results to the text file.

I also tried WHOIS, TRACERT, PING and they failed.
WHOIS the same error (800a003e)
TRACERT AND PING = "Bad parameters response"
0

LVL 3

Author Comment

Bingo !!

Description of solution is provided here
http://art-systems.net/domaincheck.html
Try it and see the results.

Now I just need to script it in order to catch the answer and display a conditionnal message. (I dont't want to display the whole junk information on my page but a nice something depending on the result).

I guess this is something else for the EE ? :-)

Many thanks to ahoffmann & rdivilbiss !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0

LVL 29

Expert Comment

Sorry, I wasn't able to respond as much as I would like, but business has me tied up many hours of the day.
0

LVL 3

Author Comment

Don't be sorry biss ! We all have our businesses running ! If I could have to, I would have gave you both 500 & ++ !

Now that I got this thing workin, I now need to treat that information into something readable for common mortals, if you know what I mean.

Lets close this thread and start another one !

0

LVL 29

Expert Comment

I'm so glad you got it working,
0

LVL 3

Author Comment

0

LVL 51

Expert Comment

--------------
<%
''Dim objExecutor, sResult
'Create the server-side object
''Set objExecutor = Server.CreateObject("ASPExec.Execute")
''Set the application name 'For NT systems, it's "cmd.exe"
'If you're running something else then I think you know
'what it is :)
''objExecutor.Application = "cmd.exe"
'Now set the parameters, very important!
....

Dim Executor, strResult
Set Executor = Server.CreateObject("ASPExec.Execute")
Executor.Application = "cmd /c dig > c:\inetpub\wwwroot\FSO\dig.txt"
Executor.Parameters = request.Form("mydomain")
strResult = Executor.ExecuteDosApp
Response.Write "<pre>" & strResult & "</pre>"

Dim fso, fs
set fso = CreateObject("Scripting.FileSystemObject")
set fs = fso.openTextFile("C:\Inetpub\wwwroot\FSO\dig.txt", 1, TRUE)
fs.close: set fs = nothing: set fso = nothing
%>
--------------

and that is the serial number of the C: disk where you store dig.asp and dig.txttxt
68B1-6A84

If so, I guess you need to disable the script immediately and make some data validation in your script before you put it online again.
0

LVL 3

Author Comment

Yes this is part of the code I used
and NO this is not the serial of the HD where these files are stored.

I guess you're trying to raise a security issue ? If yes, can you be more specific ?

Thanks
0

LVL 3

Author Comment

dear ahoffmann,

If you go back to this web page, I think you'll be very proud of me. ;-)
I didn't wait and added a server side validation.

http://art-systems.net/domaincheck.html

I hope there is no other security hole !! :-O
0

LVL 51

Expert Comment

looks much better, but still some issues ;-)
Id simply add a regex which rejects any input not matching   /[a-zA-Z0-9.-]+/
0

## Featured Post

### Suggested Solutions

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…