Classic ASP SQL Injection Protection

Stored Procedures and/or prepared statements: https://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes? Catching SQL Injection and other Malicious Web Requests With Access DB, you can still do it, but if you’re already worried about SQL Injection, I think you need to get off Access anyway. Here’s … Read more

How can I post data using cURL in asp classic?

You can do this using the WinHttpRequest object <% Dim http: Set http = Server.CreateObject(“WinHttp.WinHttpRequest.5.1”) Dim url: url = “https://www.instamojo.com/api/1.1/payment-requests/” Dim data: data = “allow_repeated_payments=False&amount=2500&buyer_name=John+Doe&purpose=FIFA+16&redirect_url=http%3A%2F%2Fwww.example.com%2Fredirect%2F&phone=9999999999&send_email=True&webhook=http%3A%2F%2Fwww.example.com%2Fwebhook%2F&send_sms=True&email=foo%40example.com” With http Call .Open(“POST”, url, False) Call .SetRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”) Call .SetRequestHeader(“X-Api-Key”, “yourvalue”) Call .SetRequestHeader(“X-Auth-Token”, “yourvalue”) Call .Send(data) End With If Left(http.Status, 1) = 2 Then ‘Request succeeded with a HTTP … Read more

How do I properly instantiate 32-bit COM objects in classic ASP after installing Windows Update KB4340558?

We were affected with multiple customers too. I ruled out invalid strong-name signing of our assemblies, since the .NET Assemblies from the Framework itself were affected by that access-denied error too. Finally I managed to solve the issue by configuration. Apparently the authenticating identity of the website has now to match the identity of the … Read more

Firefox Links to local or network pages do not work

This is the default Firefox behavior designed for security .The assumption is probably that most web sites don’t know what and where are you local files (including UNC paths). This could be turned off in firefox: type “about:config” in the address bar and accept “i’ll be careful” find “security.checkloaduri” in older versions or “security.fileuri.strict_origin_policy” in … Read more

How do you debug classic ASP?

From an MSDN blog post: http://blogs.msdn.com/mikhailarkhipov/archive/2005/06/24/432308.aspx Here is how to make ASP debugging work: Enable ASP debugging on the server. (I also added DEBUG verb to the asp extension, but I am not sure if it is required). Open classic ASP in VS 2005. Set breakpoint. View page in browser or run without debugging. Debug … Read more

Any good libraries for parsing JSON in Classic ASP? [closed]

Keep in mind that Classic ASP includes JScript as well as VBScript. Interestingly, you can parse JSON using JScript and use the resulting objects directly in VBScript. Therefore, it is possible to use the canonical https://github.com/douglascrockford/JSON-js/blob/master/json2.js in server-side code with zero modifications. Of course, if your JSON includes any arrays, these will remain JScript arrays … Read more