Solved

where is it writing to 2

Posted on 2011-02-21
7
531 Views
Last Modified: 2013-12-25
Hello. I am trying to figure out where these scripts write to. Do they write to the file where they are installed (cgi-bin) or to the folder called csv. I have established that the cgi one writes to csv but I am not sure about the parse_input file.
#this script is called parse_input
use strict;
use warnings;


unless( defined( $ARGV[0]) ){
  die "Have to provide filename, ... exiting\n";
}
my $header = [];
open INPUT, "<$ARGV[0]";
open OUTPUT, ">input.csv";
my $_line = 0;

while(<INPUT>){
 chomp;
 if($_line == 0){
   foreach my $_row (0 .. 5){
       $_ =~ s/^(.+?)\,//is;
       my $_item = "$1";
       $_item =~ s/^\s+//is;
       $_item =~ s/\s+$//is;
       $_item =~ s/^\"//is;
       $_item =~ s/\"$//is;
       $_item =~ s/\n//isg;
       $_item =~ s/\r//isg;
       print OUTPUT "\"$_item\"\,";
     }
    $_ =~ s/^\s+//is;
    $_ =~ s/\s+$//is;
    $_ =~ s/^\"//is;
    $_ =~ s/\"$//is;
    $_ =~ s/\n//isg;
    $_ =~ s/\r//isg;
    print OUTPUT "\"$_\"\n";
   }
 else{
   foreach my $_row (0 .. 2){
       $_ =~ s/^(.+?)\,//is;
       my $_item = "$1";
       $_item =~ s/^\s+//is;
       $_item =~ s/\s+$//is;
       $_item =~ s/^\"//is;
       $_item =~ s/\"$//is;
       $_item =~ s/\n//isg;
       $_item =~ s/\r//isg;     
       print OUTPUT "\"$_item\"\,";
     }
    $_ =~ s/^\s+//is;
    $_ =~ s/\s+$//is;
    $_ =~ s/^(.+?)\"\,\"//is;
    my $_text = "$1";
    $_text =~ s/^\s+//is;
    $_text =~ s/\s+$//is;
    $_text =~ s/^\"//is;
    $_text =~ s/\"$//is;
    $_text =~ s/\n//isg;
    $_text =~ s/\r//isg;
    $_text =~ s/\,/ /isg;
    print OUTPUT "\"$_text\"\,";
    $_ =~ s/^\s+//is;
    $_ =~ s/\s+$//is;
    my $_location = "";
    $_ =~ s/^(.+?)\"\,//is;
    if( defined( $1 )){
       $_location = "$1";
      }
    $_location =~ s/^\s+//is;
    $_location =~ s/\s+$//is;
    $_location =~ s/^\"//is;
    $_location =~ s/\"$//is;
    $_location =~ s/\n//isg;
    $_location =~ s/\r//isg;
    $_location =~ s/\,/ /isg;
    print OUTPUT "\"$_location\"\,";
   foreach my $_row (0 .. 1){
       $_ =~ s/^(.+?)\,//is;
       my $_item = "$1";
       $_item =~ s/^\s+//is;
       $_item =~ s/\s+$//is;
       $_item =~ s/^\"//is;
       $_item =~ s/\"$//is;
       $_item =~ s/\n//isg;
       $_item =~ s/\r//isg;
       print OUTPUT "\"$_item\"\," if $_row == 0;
       print OUTPUT "\"$_item\"\n" if $_row == 1;
     }
   }

 $_line++;

}

close INPUT;
close OUTPUT;

Open in new window

#This is a cgi script
use strict;
use warnings;
use CGI;

my $_DOCUMENT_ROOT = 
	"C\:\\HostingSpaces\\getready\\mydomain.com\\wwwroot\\csv";


opendir DIRECT, "$_DOCUMENT_ROOT";
my @filelist = grep {$_ !~ /^\./ } readdir( DIRECT );
closedir DIRECT;

my $_report = '';
my $cgi = CGI->new ;

my $_offset = defined($cgi->param("offset")) ? $cgi->param("offset") : 0;
my $_length = defined($cgi->param("length")) ? $cgi->param("length") : 20; 
my $_action = defined($cgi->param("sub")) ? $cgi->param("sub") : "";
my $_passwd = defined($cgi->param("passw")) ? $cgi->param("passw") : '';
$_passwd = ($_passwd eq "123") ? 1 : '';

$_action = '' unless $_action;
$_action = '' unless $_passwd;
if($_action){

      if(defined($cgi->upload("upload"))){
        my $filename = "$_DOCUMENT_ROOT\\Input.csv";
        my $upload_filehandle = $cgi->upload("upload");
        open OUTFILE, ">$filename";
         binmode OUTFILE;
         binmode $upload_filehandle;
         while(<$upload_filehandle>){
            print OUTFILE "$_";
          }
        close OUTFILE;
        system("perl parse_input.pl");
       }

 system("perl mainprog.pl $_offset $_length");        
 $_report = "<br><a style=\'backgrond-color: \#f2f233; color: \#770022; font: 16px Helvetica;\' href=\'\/csv\/report.csv\'> <b> Resultant CSV file  <\/b> <\/a>&nbsp; &nbsp; <a style=\'backgrond-color: \#f2f233; color: \#770022; font: 16px Helvetica;\' href=\'\/csv\/reducedreport.csv\'> <b> Resultant CSV file 2 (condensed) \ <\/b> <\/a> <br>\n";
}

print $cgi->header;
print $cgi->start_html(-title=>'Twitter statistics');
print "<div style=\'padding: 12px 12px 12px 12px;\' > <h3> CSV files <\/h3> \n <table>";
my $_k = 0;
my $_astyle = "style=\'border: 1px solid \#eef2ff; background-color: \#fffaf2; font: 14px Georgia; margin: 12px 12px 12px 12px;\'";
foreach(@filelist){
 print "<tr>" if ($_k % 3) == 0;
 print "<td> <a $_astyle href=\'\/csv/$_\' > $_ <\/a> <\/td> \n";
 print "<\/tr>" if ($_k % 3) == 2;
 $_k++;
}
print "<\/table><\/div>\n";

print "$_report\n";

print <<HERE_GOES;

<div style='padding: 12px 12px 12px 12px; margin: 12px 12px 12px 12px;
font: 14px Arial; border: 1px solid #337799; background-color: #f7faff;
color: #002233;'>

<form method='post' action='/cgi-bin/task.cgi' enctype='multipart/form-data'>
<table><tr>
<tr><td><label for='passw'> <i><b> Password: <\/b><\/i> <\/label> </td>
<td><input type='password' name='passw' value=''> </td></tr>
<tr><td><label for='upload'> <i><b> Upload another "input.csv" <\/b><\/i> </label></td>
<td><input type='file' name='upload'> </td></tr>

<tr><td><label for='offset'> <i> Offset </i> </label></td>
<td><input type='text' name='offset' value='0' style='width: 48px;'> </td> 
</tr>
<tr><td><label for='length'> <i> Length </i> </label></td>
<td><select name='length'> 
<option value='10'> 10 </option>
<option value='20' selected> 20 </option>
<option value='30'> 30 </option>
<option value='40'> 40 </option>
<option value='50'> 50 </option>
<option value='60'> 60 </option>
</select></td>                
</tr>
<tr><td colspan='2'> <input type='submit' name = 'sub' value='Submit'> 
</td></tr>
</table>
</form>
</div>
HERE_GOES

print $cgi->end_html;

Open in new window

0
Comment
Question by:onyourmark
7 Comments
 
LVL 3

Accepted Solution

by:
imaki06 earned 167 total points
ID: 34941888
Both scripts writes to file:
input.csv

First file is in the working directory.
Second file is in the directory:
C\:\HostingSpaces\getready\mydomain.com\wwwroot\csv
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 333 total points
ID: 34942008
parse_input will create input.csv in the CGI folder (or possibly the web root depending on the webserver and how it is conffigured)

Your CGI folder is most likelY:

C:/HostingSpaces/getready/mydomain.com/wwwroot/cgi-bin
0
 

Author Comment

by:onyourmark
ID: 34942065
Hi Tintin,
Thank you. Why are you saying it will be in the cgi-bin? By the way, you are correct about the location of the cgi folder.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 48

Expert Comment

by:Tintin
ID: 34942180
The CGI script calls parse_input and as parse_input doesn't specify a full path for the output file, it will be created in the current working directory of the calling script.

There's a possibility it may be in:

C:\HostingSpaces\getready\mydomain.com\wwwroot

if you are using IIS.
0
 

Author Comment

by:onyourmark
ID: 34942194
Wow, cool, I guess I get it! Thank you. One more thing. Since yes I am using IIS, why is there a possibility it is wwwroot if it is IIS?
0
 
LVL 7

Expert Comment

by:whosbetterthanme
ID: 34944305
I think what TinTin was saying is that it depends on how the IIS is configured. For example, it can be configured that when someone puts in the URL http://www.yourdomain.com/cgi-bin/myscript.cgi, it actually points to C:\HostingSpaces\getready\mydomain.com\wwwroot\cgi-bin on the server.

So it depends on how the configuration is set. I would guess that it's not likely at wwwroot.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 333 total points
ID: 34945795
I not sure if it applies to newer versions of IIS, but older versions like IIS6 can set the working directory of CGI programs to the web root.

This is actually valid as the CGI spec doesn't state that the folder a CGI program exists in is the same as the working directory.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

It is becoming increasingly popular to have a front-page slider on a web site. Nearly every TV website,  magazine or online news has one on their site, and even some e-commerce sites have one. Today you can use sliders with Joomla, WordPress or …
I hope you'll find this tutorial useful and interesting. So let's try to extend Tcl with a new package.  For anyone more deeply interested please check out the book "Practical Programming in Tcl and Tk". It's really one of the best written books abo…
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now