[14731] in bugtraq
Windows NT/95/98/Possible Others Denial of Service Attack.
daemon@ATHENA.MIT.EDU (Chris Knipe)
Mon May 1 01:23:09 2000
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000B_01BFB1C6.A44AA6E0"
Message-Id: <003101bfb1d1$f91fb830$0100a8c0@internal.sunnyline.co.za>
Date: Sat, 29 Apr 2000 10:35:30 +0200
Reply-To: Chris Knipe <cgknipe@MWEB.CO.ZA>
From: Chris Knipe <cgknipe@MWEB.CO.ZA>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_000B_01BFB1C6.A44AA6E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Goodday Fellow Bugtraqers.
Today I come to you with a possible (And what seems to me to be quite easy
to reproduce) flaw in Microsoft's ODBC Database connectivity sources. The
attack is HTML based and should proove quite interesting on web sites that
uses DSN or DBQ methods of connecting to SQL or (The easiest to attack)
Microsoft ACCESS Databases.
Summary:
=======
A method is available to "lock up" the entire IIS Server, which will render
any installed applications under the Windows NT Option Pack useless. All
web based applications (IIS Admin Services, Web Publishing Services, and
possible others) will lock up and stop responding to any web requests, or
any control requests to stop or start such services. The vulnerability
could potentially allow a malicious web site developer to perform actions
under the ASP Programming language to render the web server useless to local
control, or content requests.
Status:
=====
Microsoft has been informed about the suspecious behaviour of ACCESS and
ODBC Database Connectivity.
Issue:
====
The Microsoft ODBC Database connectivity allows for a potential flaw in the
connecting and disconnecting from databases (More related to Microsoft
ACCESS databses than any other). Connecting to a second database without
disconnecting the first could possibly render the service useless and will
end up in the Administrator to reboot the server to regain control of such
services.
How more wildly database connections are made, how better the chances of
hitting the hole and attacking the system. The risk posed by this
vulnerability is significantly restricted by the fact that the affected
database connection may be configured to "run in a seperate memory block" or
have special settings on the database that "might" secure this vulnerability
from accuring. HOWEVER, in the most common installation and programming
methods, it is quite possible to still have an effective system.
Sample Code:
==========
Consider the following scenario:
ODBC Connection Source Name: miscdb
ODBC DataBase Type: MS Access
ODBC Path: d:\data\misc.mdb
ASP Programming:
<%
set connVB = server.createobject("ADODB.Connection")
connVB.open "DRIVER={Microsoft Access Driver (*.mdb)}; DSN=miscdb"
%>
<html>
<body>
...lots of html removed...
<!-- We Connect to DB1 -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DSN=miscdb;User=sa"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
'rsGlobal.close
'set rsGlobal = nothing
'connGlobal.close
'set connGlobal = nothing
' Note we do NOT close the connection
%>
<!-- Call the same database by means of DBQ direct file access -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DRIVER={Microsoft Access Driver (*.mdb)};
DBQ=d:\data\misc.mdb"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
' Note we DO close the connection
%>
In some cases, this will stall the IIS process, and CPU usage will jump to
100% utilization by the inetinfo.exe process. To current date, the only
solution to my knowledge is to restart the computer.
Solution:
======
None that I am aware of. Newest Service Packs, newest ODBC data sources,
they all seem to be affected.
Special Notes:
==========
The attack is very "unpredictable". By unpredictable, I mean that the exact
same code may work perfectly for 15 days, then all of a sudden, cpu usagage
will jump to 100% and the inetinfo process will be locked. In recent
attempts to reproduce this attack to try and clarify as to what exactly is
causing this, I have connected up to 15 different SQL and Access Databases,
all with success. The one time I reboot the NT server, and attempt to load
the pages up again, the process will lock.
Personal Viewpoints:
===============
Microsoft's only means of connecting to databases is through ODBC or direct
file access (DSN and DBQ). Whether you use ODBC or direct file access, the
process used is unstable. Certainly with this unstability, having a ODBC
enabled web site will sees to function properly if it crashes or locks up
with only one user accessing the web site. What happens when 1,000,000
people access the site on a daily basis?
I would recommend that databases be moved over from Microsoft ACCESS to
Microsoft's SQL Server, or a similar SQL server on Linux with support for
ODBC or other forms of connectivity.
Affected Version:
============
ODBC Version: 3.510.3711.0
ODBC Access Driver Version: 3.51.1029.00
OS Version: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507)
The complete ASP page from the site with affective inetinfo.exe lockage is
attached. The single DSN connection revlected in the relavent ASP source is
a SQL Server, and hardly ever gives problems. The second database, is
directly connecting (DBQ) to a Microsoft ACCESS database. NTFS File
permissions is suffiecent for the test reasons, and no security related
problems are noted in the tests. The attached ASP file locks up 90% of the
time.
SQL Table Properties:
Table Name: History_Today
Table Layout:
Name: Type: Size:
his_month int 4
his_day int 4
his_year int 4
his_desc varchar 200
his_type varchar 1
Table Name: Holidays
Table Layout:
Name: Type: Size:
Month int 4
Day int 4
Holiday int 200
The MS Access database can be made available on request. Due to the
complexity of the database (Queries, Reports, Forms, Tables) I am not going
to layout the database in this email.
Kind Regards
Chris Knipe
------=_NextPart_000_000B_01BFB1C6.A44AA6E0
Content-Type: text/asp;
name="default.asp"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="default.asp"
<% Response.Buffer =3D True %>
<% mTitleColor =3D "DARKRED"=20
mHeaderColor =3D "DARKBLUE"
mYearColor =3D "DARKGREEN"
mTextColor =3D "BLACK"
mTitle =3D "2000 Years In History: "
mBaseDir =3D "/votes/"
mAnswerDir =3D "answer.asp"
mResultsDir =3D "results.asp"
mVoteBoothDir =3D "default.asp"
set connVB =3D server.createobject("ADODB.Connection")
connVB.open "DRIVER=3D{Microsoft Access Driver (*.mdb)}; =
DBQ=3DD:\inetpub\data\votes.mdb"
set rsQuestList =3D connVB.Execute("SELECT qID, qQuestion, qDate from =
Question order by qID")
mQNo =3D 0=20
%>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Diso-8859-1">
<meta name=3D"GENERATOR" content=3D"Microsoft FrontPage 3.0">
<link rel=3D"STYLESHEET" type=3D"text/css" href=3D"/style.css">
<script language=3D"JavaScript" src=3D"/global.js"></script>
<title>SunnyLine Internet Services</title>
<meta name=3D"Microsoft Border" content=3D"lb, default"></head>
<body ALINK=3D"#FF0000" topmargin=3D"0" =
leftmargin=3D"0"><!--msnavigation--><table border=3D"0" =
cellpadding=3D"0" cellspacing=3D"0" width=3D"100%"><tr><td =
valign=3D"top" width=3D"1%">
<table align=3D"left" valign=3D"top" border=3D"0" cellpadding=3D"0" =
cellspacing=3D"0" width=3D"150" bgcolor=3D"#666699" height=3D"100%">
<tr>
<td align=3D"left" valign=3D"top" nowrap bgcolor=3D"#666699"><div =
align=3D"left"><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">
<tr>
<td><form ACTION=3D"/search/search.asp" method=3D"POST">
<p><input NAME=3D"SearchString" SIZE=3D"15" MAXLENGTH=3D"100" =
value=3D"Search"><input TYPE=3D"submit" NAME=3D"Action" VALUE=3D"Go" =
class=3D"button"> </p>
</form>
</td>
</tr>
<tr>
<td><form ACTION=3D"/default.asp" METHOD=3D"POST">
<p><select NAME=3D"url" ONCHANGE=3D"pageSelector(this.form);" =
size=3D"1">
<option value=3D"#">SELECT A TOPIC </option>
<option value=3D"#">-------------- </option>
<option value=3D"/">HOME</option>
<option value=3D"/forums/"> > Web Forums</option>
<option value=3D"/links/"> > Web Links</option>
<option value=3D"/votes/"> > Voting Booth</option>
<option value=3D"/net/thebest.asp"> > The Best Of =
The Net</option>
<option value=3D"/support/">SUPPORT</option>
<option value=3D"/support/dialup/settings.asp"> > =
Dialup Settings</option>
<option value=3D"/support/tcpip/settings.asp"> > =
TCP/IP Settings</option>
<option value=3D"/support/proxy/settings.asp"> > =
Proxy Settings</option>
<option value=3D"/support/check.asp"> > Check Your =
Settings</option>
<option value=3D"/support/faq.asp"> > F.A.Q</option>
<option value=3D"/support/pops.asp"> > POP =
Numbers</option>
<option value=3D"/support/network.asp"> > Network =
Statistics</option>
<option value=3D"/services/dialup/">REMOTE ACCESS</option>
<option value=3D"/services/dialup/"> > Dialup =
Access</option>
<option value=3D"/services/dialup/vras/"> > V-RAS =
Dialup Access</option>
<option value=3D"/services/hosting/">HOSTING</option>
<option value=3D"/services/hosting/shared.asp"> > =
Shared Server Hosting</option>
<option value=3D"/services/hosting/dedicated.asp"> > =
Dedicated Server Hosting</option>
<option value=3D"/services/hosting/secure.asp"> > =
Secure Server Hosting</option>
<option value=3D"/services/corporate/">CORPORATE =
ACCESS</option>
<option value=3D"/services/corporate/leased.asp"> > =
Leased Lines</option>
<option value=3D"/services/corporate/isdn.asp"> > =
ISDN Lines</option>
<option =
value=3D"/services/corporate/isdnbackup.asp"> > ISDN Backup =
Lines</option>
<option value=3D"/services/corporate/vpn.asp"> > =
Virtual Private Networks</option>
<option =
value=3D"/services/corporate/guaranteedb.asp"> > Guaranteed Int. =
Bandwidth</option>
<option value=3D"/services/corporate/ahb.asp"> > =
After Hours Bandwidth</option>
<option value=3D"/services/corporate/multi.asp"> > =
Multi Homing</option>
<option value=3D"/services/corporate/domains.asp"> > =
Domain Registrations</option>
<option value=3D"/services/personal/">PERSONAL =
ACCESS</option>
<option value=3D"/services/personal/leased.asp"> > =
Leased Lines</option>
<option value=3D"/services/personal/isdn.asp"> > =
ISDN Lines</option>
<option value=3D"/services/personal/domains.asp"> > =
Domain Registrations</option>
<option value=3D"/security/">SECURITY SERVICES</option>
<option value=3D"/security/firewall.asp"> > =
Firewalls</option>
<option value=3D"/security/auth.asp"> > =
Authentication</option>
<option value=3D"/security/vpn.asp"> > Virtual =
Private Networks</option>
<option value=3D"/security/audit.asp"> > Audits =
& Assesments</option>
<option value=3D"/security/content.asp"> > Content =
Security</option>
<option value=3D"/security/bandwidth.asp"> > =
Bandwidth Management</option>
<option value=3D"/security/intrusion.asp"> > =
Intrusion Detection</option>
<option value=3D"/security/encryption.asp"> > =
Encryption Solutions</option>
<option value=3D"/security/public.asp"> > Public Key =
Infrastructure</option>
<option value=3D"/about/">ABOUT SUNNYLINE</option>
<option value=3D"/about/info/"> > Company =
Information</option>
<option value=3D"/about/media/"> > Media =
Center</option>
<option value=3D"/about/contact/"> > Contact =
Information</option>
</select></p>
</form>
</td>
</tr>
</table>
</div><div align=3D"left"><table border=3D"0" cellspacing=3D"0" =
cellpadding=3D"0" width=3D"178">
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><b>Home</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
src=3D"images/spacer.gif" width=3D"1" height=3D"1" border=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/forums/" class=3D"link">Web Forums</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/links/" class=3D"link">Web Links</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/votes/" class=3D"link">Voting Booth</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/net/thebest.asp" class=3D"link">The Best
Of The Net</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" =
width=3D"160"><b>Support</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
src=3D"images/spacer.gif" width=3D"1" height=3D"1" border=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/dialup/settings.asp" class=3D"link">Dialup =
Settings</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/tcpip/settings.asp" class=3D"link">TCP/IP =
Settings</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/proxy/settings.asp" class=3D"link">Proxy =
Settings</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/check.asp" class=3D"link">Check
Your Settings</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/faq.asp" class=3D"link">F.A.Q</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/pops.asp" class=3D"link">POP
Numbers</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/support/network.asp" class=3D"link">Network
Statistics</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><b>Remote =
Access</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
src=3D"images/spacer.gif" width=3D"1" height=3D"1" border=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/dialup/" class=3D"link">Dialup
Access</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/dialup/vras/" class=3D"link">V-RAS
Dialup Access</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" =
width=3D"160"><b>Hosting</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/hosting/shared.asp" class=3D"link">Shared Server =
Hosting</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/hosting/dedicated.asp" class=3D"link">Dedicated Server =
Hosting</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/hosting/secure.asp" class=3D"link">Secure Server =
Hosting</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><b>Corporate =
Access</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/leased.asp" class=3D"link">Leased =
Lines</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/isdn.asp" class=3D"link">ISDN Lines</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/isdnbackup.asp" class=3D"link">ISDN Backup =
Lines</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/vpn.asp" class=3D"link">Virtual Private =
Networking</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/guaranteedb.asp" class=3D"link">Guaranteed =
Int. Bandwidth</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/ahb.asp" class=3D"link">After Hours =
Bandwidth</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/multi.asp" class=3D"link">Multi =
Homing</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/corporate/domains.asp" class=3D"link">Domain =
Registrations</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><b>Personal =
Access</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/personal/leased.asp" class=3D"link">Leased =
Lines</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/personal/isdn.asp" class=3D"link">ISDN Lines</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/personal/domains.asp" class=3D"link">Domain =
Registrations</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><b>Security =
Services</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/firewall.asp" =
class=3D"link">Firewalls</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/auth.asp" =
class=3D"link">Authentication</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/vpn.asp" class=3D"link">Virtual Private =
Networks</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/audit.asp" class=3D"link">Audits & =
Assessments</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/content.asp" class=3D"link">Content =
Security</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/bandwidth.asp" class=3D"link">Bandwidth =
Management</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/intrusion.asp" class=3D"link">Intrusion =
Detection</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/encryption.asp" class=3D"link">Encryption =
Solutions</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/services/security/public.asp" class=3D"link">Public Key =
Infrastructure</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
SRC=3D"images/minus.gif" BORDER=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><b>About =
SunnyLine</b></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"><img =
src=3D"images/spacer.gif" width=3D"1" height=3D"1" border=3D"0"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/about/info/" class=3D"link">Company
Information</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/about/media/" class=3D"link">Media
Center</a></td>
</tr>
<tr>
<td valign=3D"top" align=3D"right" width=3D"18"></td>
<td valign=3D"top" align=3D"left" width=3D"160"><a =
href=3D"/about/contact/" class=3D"link">Contact
Information</a></td>
</tr>
</table>
</div></td>
</tr>
<tr>
<td height=3D"100%" valign=3D"top" align=3D"center"><img =
src=3D"images/spacer.gif" width=3D"50" height=3D"50"></td>
</tr>
</table>
<p> </p>
</td><td valign=3D"top" width=3D"24"></td><!--msnavigation--><td =
valign=3D"top">
<div align=3D"left">
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%">
<tr>
<td width=3D"83%"><img src=3D"sunlogo.gif" width=3D"306" =
height=3D"59" border=3D"0"></td>
<td width=3D"17%" align=3D"right" valign=3D"top"><%=20
Response.Write tolongMonth(datepart("m", date())) & " " =
& datepart("d", date()) & ", " & datepart("yyyy", date())
Response.Write "<br>"
set connGlobal =3D =
server.createobject("ADODB.Connection")
connGlobal.Open "DSN=3DSunnyLine;User=3Dsa"
mSQL =3D "SELECT Month, Day, Holiday FROM Holidays " & _
" WHERE Day =3D " & Day(date()) & _
" AND Month =3D " & Month(date()) & _
" ORDER BY Holiday "
set rsGlobal =3D connGlobal.execute(mSQL)
While not rsGlobal.eof
=09
Response.Write rsGlobal("Holiday")
=09
rsGlobal.movenext
=20
wend
rsGlobal.close
set rsGlobal =3D nothing
=20
connGlobal.close
set connGlobal =3D nothing
%>
</td>
</tr>
</table>
</div>
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">
<tr>
<td valign=3D"top" align=3D"left" width=3D"220"><span =
class=3D"head1">In The News:</span><u><strong><br>
</strong></u>
<applet CODE=3D"CoolHeadLines.class" NAME=3D"CoolHeadLines" =
CODEBASE=3D"/applets/" WIDTH=3D"220" HEIGHT=3D"90">
<param name=3D"BackColor" value=3D"255 255 255">
<param name=3D"HiliteTextColor" value=3D"60 179 113">
<param name=3D"MessageDelay" value=3D"4">
<param name=3D"ScrollDelay" value=3D"10">
<param name=3D"TextColor" value=3D"0 0 0">
<param name=3D"URLPrefix" value=3D"<%=3DGetPrefixValue()%>"><% =
ListParams %>
</applet>
</td>
<td valign=3D"top" align=3D"left"><p class=3D"head1">Voting =
Polls:</p>
<table ALIGN=3D"CENTER" CELLPADDING=3D"5" WIDTH=3D"100%">
<% do while not rsQuestList.eof=20
mQNo =3D mQNo + 1 %>
<tr>
<td VALIGN=3D"CENTER"><form ACTION=3D"<% =3DmBaseDir & =
mAnswerDir%>" METHOD=3D"POST">
<input type=3D"hidden" name=3D"mAnswerDir" value=3D"<% =
=3DmAnswerDir %>"><input type=3D"hidden" name=3D"mResultsDir" =
value=3D"<% =3DmResultsDir %>"><input type=3D"hidden" name=3D"mBaseDir" =
value=3D"<% =3DmBaseDir %>"><input type=3D"hidden" =
name=3D"mVoteBoothDir" value=3D"<% =3DmVoteBoothDir %>"><input =
type=3D"hidden" name=3D"mQuestion" value=3D"<%=3DrsQuestList("qID") =
%>"><input type=3D"hidden" name=3D"mNumber" value=3D"<% =3DmQNo =
%>"><p><input type=3D"submit" value=3D"<% =3Dchr(64 + cint(mQNo)) %>. " =
class=3D"button"> </p>
</form>
</td>
<td VALIGN=3D"BOTTOM"><% response.write rsQuestList("qQuestion") =
& "</TD></TR>"=20
rsQuestList.movenext=20
Loop
%>
</td>
</tr>
</table>
<% =20
rsQuestList.Close
set rsQuestList =3D Nothing
=09
connVB.Close
set connMB =3D Nothing
%>
</td>
</tr>
</table>
<p><%
set connGlobal =3D server.createobject("ADODB.Connection")
connGlobal.Open "DSN=3DSunnyLine;User=3Dsa"
mSQL =3D "SELECT his_type, his_year, his_desc FROM History_Today " & _
" WHERE his_day =3D " & Day(date()) & _
" AND his_month =3D " & Month(date()) & _
" ORDER BY his_type, his_year "
set rsGlobal =3D connGlobal.execute(mSQL)
response.write "<FONT COLOR =3D " & mTitleColor & " SIZE =3D =
'+1'><B>" & mTitle & _
"</b></FONT><BR><BR>"
response.write "<FONT COLOR =3D " & mHeaderColor & =
"><B>Birthdays:</b></FONT>"
=20
mType =3D "B"
response.write "<TABLE WIDTH =3D '100%'>"
=20
while not rsGlobal.eof
=20
if rsGlobal("his_type") <> mType then=20
mType =3D "E" =09
response.write "</TABLE><BR><FONT COLOR =3D " & mHeaderColor & =
"><B>Events:</b></FONT>"
response.write "<TABLE WIDTH =3D '100%'>"
end if
=09
response.write "<TR VALIGN =3D TOP><TD ALIGN =3D RIGHT WIDTH =3D =
'5%'><FONT COLOR =3D " & _
mYearColor & " SIZE =3D '-1'><B> " & =
rsGlobal("his_year") & "</b></font></td>"
response.write "<TD WIDTH =3D '95%'><FONT COLOR =3D " & mTextColor & " =
SIZE =3D '-1'>" & rsGlobal("his_desc") & "</FONT></td></tr>"
=09
rsGlobal.movenext
=09
wend
response.write "</TABLE>"
=20
rsGlobal.close
set rsGlobal =3D nothing
=20
connGlobal.close
set connGlobal =3D nothing
%>=20
<!--msnavigation--></td></tr><!--msnavigation--></table><!--msnavigation-=
-><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" =
width=3D"100%"><tr><td>
<div align=3D"center"><center>
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"562">
<tr>
<td align=3D"center" width=3D"462"><p align=3D"center"><img =
src=3D"images/linux_ride.gif" WIDTH=3D"460" HEIGHT=3D"55"></td>
</tr>
<tr>
<td align=3D"center" width=3D"462"><p align=3D"center"><img =
src=3D"images/button_rp7.gif" WIDTH=3D"88" HEIGHT=3D"32"><img =
src=3D"images/ie_horiz.gif" WIDTH=3D"88" HEIGHT=3D"31"></td>
</tr>
<tr>
<td align=3D"center" width=3D"462"><p align=3D"center"><span =
class=3D"nonu">=A92000 SunnyLine
Internet Services.</span></td>
</tr>
</table>
</center></div>
<p> </p>
</td></tr><!--msnavigation--></table></body>
</html>
<%
Function toLongMonth(pInInteger)
mMonth =3D "Not Found"
if isNumeric(pInInteger) then
select case pInInteger
case 1: mMonth =3D "January"
case 2: mMonth =3D "February"
case 3: mMonth =3D "March"
case 4: mMonth =3D "April"
case 5: mMonth =3D "May"
case 6: mMonth =3D "June"
case 7: mMonth =3D "July"
case 8: mMonth =3D "August"
case 9: mMonth =3D "September"
case 10: mMonth =3D "October"
case 11: mMonth =3D "November"
case 12: mMonth =3D "December"
end select
end if =20
toLongMonth =3D mMonth
End Function
Function GetPrefixValue
Dim strFullPath, strLastChar
strFullPath =3D "http://"
strFullPath =3D strFullPath & Request.ServerVariables("SERVER_NAME")
strFullPath =3D strFullPath & Request.ServerVariables("PATH_INFO")
strLastChar =3D ""
Do Until strLastChar =3D "/"
strLastChar =3D right(strFullPath, 1)
strFullPath =3D left(strFullPath, len(strFullPath) - 1)=09
Loop
GetPrefixValue =3D strFullPath
End Function
Sub ListParams
On Error Resume Next
Dim fso, prFile, intFileNum, strTitle, strLink,strCategory
intFileNum =3D 0
=09
Set fso =3D Server.CreateObject("Scripting.FileSystemObject")
Set prFile =3D fso.OpenTextFile(Server.MapPath("pr/prFileList.txt"))
If Err.Number <> 0 Then
Exit Sub
End If
=09
Do Until prFile.AtEndOfStream
strTitle =3D Chr(34) & prFile.ReadLine & Chr(34)
If prFile.AtEndOfStream Then Exit Do
strLink =3D Chr(34) & prFile.ReadLine & Chr(34)
strCategory =3D prFile.ReadLine=20
response.write "<PARAM NAME=3DText" & intFileNum & " VALUE=3D" & =
strTitle & ">" & Chr(13)
response.write "<PARAM NAME=3DURL" & intFileNum & " VALUE=3D" & strLink =
& ">" & Chr(13)
intFileNum =3D intFileNum + 1
Loop
=09
Response.Write "<PARAM NAME=3DNumItems VALUE=3D" & intFileNum & ">" & =
Chr(13)
End Sub
%>
------=_NextPart_000_000B_01BFB1C6.A44AA6E0--
