The following code line<\/p>\n
Response.Cookies(\"test\")= \"__cf_mob_redir\"<\/pre>\nwill produce a cookie named “test” whith value “%5F%5Fcf%5Fmob%5Fredir”<\/p>\n
Perhaps is not what we wanted.<\/p>\n
Even if we could decode the result when reading the cookie that string is very ugly. Could also happen that our responsibility is limited to write the right value and someone else will take care of reading the expected value.<\/p>\n
What to do?<\/p>\n
First, is useful to know that encoding the special character _ (underscore) in ASP as chr(95)<\/span> or as HTML entity _<\/span> will not solve the situation. The same for any other special characters.<\/p>\n
Second, is better to underline that not always we want to send an html body as response, since sometimes we want just send headers. In case we want to send a body the following lines are a nice style exercise to write javascript through ASP code.<\/p>\n
Response<\/span>.<\/span>Write<\/span>(<\/span>\"<script type=\"<\/span>&<\/span>chr<\/span>(<\/span>34<\/span>)&<\/span>\"text\/javascript\"<\/span>&<\/span>chr<\/span>(<\/span>34<\/span>)&<\/span>\">\"<\/span>)<\/span>\r\njjj1 <\/span>=<\/span>\"document.cookie=\"<\/span>&<\/span>chr<\/span>(<\/span>34<\/span>)&<\/span>\"YOURcookiename=__cf_mob_redir\"<\/span>&<\/span>chr<\/span>(<\/span>34<\/span>)\r\n<\/span>Response<\/span>.<\/span>Write<\/span>(<\/span>jjj1<\/span>)\r\n<\/span>Response<\/span>.<\/span>Write<\/span>(<\/span>\"<\/script>\"<\/span>)<\/span><\/code><\/pre>\nIn this way our cookie variable value will be exactly what we wanted “__cf_mob_redir”.<\/p>\n
But what if we need absolutely to send only the headers, for example to avoid\u00a0the page be returned before being able to set the cookie and send a header response?<\/span><\/p>\n
This line is the answer.<\/p>\n
Response<\/span>.<\/span>AddHeader <\/span>\"Set-Cookie\"<\/span>, <\/span>\"nameKey=__cf_mob_redir; HttpOnly\"<\/span><\/code><\/pre>\n<\/p>\n","protected":false},"excerpt":{"rendered":"
The following code line Response.Cookies(“test”)= “__cf_mob_redir” will produce a cookie named “test” whith value “%5F%5Fcf%5Fmob%5Fredir” Perhaps is not what we wanted. Even if we could decode the result when reading the cookie that string is very ugly. Could also happen that our responsibility is limited to write the right value and someone else will take […]<\/p>\n","protected":false},"author":1,"featured_media":132,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[35,3],"tags":[63,36,64,58,61,60,59,62],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/08\/AspClassic.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p90hsv-2r","jetpack-related-posts":[{"id":131,"url":"https:\/\/www.danieledavi.com\/blog\/2014\/08\/html-parser-in-classic-asp\/","url_meta":{"origin":151,"position":0},"title":"HTML Parser in Classic ASP","author":"Daniele Dav\u00ec","date":"August 28, 2014","format":false,"excerpt":"Today I'll show you a script written in classic ASP that can use some server vulnerability to provide traffic from an unaware website to another one through another unaware server. It's quite simple, so I'm not going to explain it in details. This malicious code was founded on a server,\u2026","rel":"","context":"In "Classic ASP"","block_context":{"text":"Classic ASP","link":"https:\/\/www.danieledavi.com\/blog\/category\/programming\/classic-asp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/08\/AspClassic.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":138,"url":"https:\/\/www.danieledavi.com\/blog\/2014\/09\/how-to-use-windows-registry-in-your-net-c-application\/","url_meta":{"origin":151,"position":1},"title":"How to use Windows registry in your .Net C# application","author":"Daniele Dav\u00ec","date":"September 5, 2014","format":false,"excerpt":"In this article I will show how to read and use in your .Net C# application informations stored in\u00a0the Windows registry. First of all let's see the easiest way to store some information in the server registry. You can use the \"regedit\" command to edit the register or you can\u2026","rel":"","context":"In ".Net C#"","block_context":{"text":".Net C#","link":"https:\/\/www.danieledavi.com\/blog\/category\/programming\/dot-net-c-sharp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/09\/csharp-image.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":607,"url":"https:\/\/www.danieledavi.com\/blog\/2020\/10\/product-owners-dont-need-to-be-technical-to-be-good\/","url_meta":{"origin":151,"position":2},"title":"Product owners don’t need to be technical to be good – part 1","author":"Daniele Dav\u00ec","date":"October 28, 2020","format":false,"excerpt":"Today I want to write about the product owner (PO) or product manager (PM) role and not to provide a definition or list responsibilities but address a specific myth. I am talking about the myth of the existence and the need of a technical PO.","rel":"","context":"In "Agile"","block_context":{"text":"Agile","link":"https:\/\/www.danieledavi.com\/blog\/category\/agile-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":791,"url":"https:\/\/www.danieledavi.com\/blog\/2021\/03\/changes-are-welcome\/","url_meta":{"origin":151,"position":3},"title":"Changes are Welcome","author":"Daniele Dav\u00ec","date":"March 10, 2021","format":false,"excerpt":"There are different levels of understanding\u00a0Agile.The first one is where you care about rules. You take every best practice, guide, book, training suggestion and you make a strict process out of context and without interpreting the reality. That's not Agile. That's you using Agile to cover your need of implementing\u2026","rel":"","context":"In "Agile"","block_context":{"text":"Agile","link":"https:\/\/www.danieledavi.com\/blog\/category\/agile-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":699,"url":"https:\/\/www.danieledavi.com\/blog\/2021\/02\/the-importance-of-trust-in-organisations\/","url_meta":{"origin":151,"position":4},"title":"The Importance of trust in organisations","author":"Daniele Dav\u00ec","date":"February 15, 2021","format":false,"excerpt":"Trust is a pillar for many organizations nowadays.I remember seeing on the\u00a0tv displays at the office\u00a0many times a day the ubiquitous message \"Microsoft is built on trust\" when I worked there.Many organizations following the trend come up with similar mottos, insert the trust narrative into their vision, mission, or values.\u2026","rel":"","context":"In "Agile"","block_context":{"text":"Agile","link":"https:\/\/www.danieledavi.com\/blog\/category\/agile-2\/"},"img":{"alt_text":"Not understanding the process","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/FollowingTheprocess.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/FollowingTheprocess.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/FollowingTheprocess.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/FollowingTheprocess.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/FollowingTheprocess.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":609,"url":"https:\/\/www.danieledavi.com\/blog\/2020\/10\/product-owners-dont-need-to-be-technical-to-be-good-part-2\/","url_meta":{"origin":151,"position":5},"title":"Product owners don’t need to be technical to be good – part 2","author":"Daniele Dav\u00ec","date":"October 28, 2020","format":false,"excerpt":"In part one, I wrote about the myth of existence and need of technical product owners. We left our hypothetical PO at a party answering few questions around his or her product. As we saw, the product owner needs to own the product knowledge base. If you are a PO\u2026","rel":"","context":"In "Agile"","block_context":{"text":"Agile","link":"https:\/\/www.danieledavi.com\/blog\/category\/agile-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_validity":null,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts\/151"}],"collection":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/comments?post=151"}],"version-history":[{"count":4,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts\/151\/revisions"}],"predecessor-version":[{"id":156,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts\/151\/revisions\/156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/media\/132"}],"wp:attachment":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/media?parent=151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/categories?post=151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/tags?post=151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}