File with the extension of ".ehi" content is not readable - file

Has anyone encountered a file that has an extension of ".ehi" before?
If I open it using Wordpad, its contents are not readable strings.
What app should I use in order to open this file type?

What is an EHI file?
Config file used by HTTP Injector, an Android app used to modify
requests and access blocked websites behind firewall with SSH support
and proxy server; contains settings that configure HTTP Injector,
which includes server login credentials and security/locking
information.
Based on this information, it makes sense that the data isn't stored in plain text. The credentials are likely encrypted or otherwise stored in an obfuscated format to help prevent unauthorized access.
Source: https://fileinfo.com/extension/ehi

Related

Upload file is not working using AngularJS on lighttpd server

In my current project we are using lighttpd server. Here I am trying to upload the file. I am getting two Response Headers, first is with 301 Status code (Moved Permanently) and second is with 200 (OK).
But when I am checking in the folder I am not able to find any file (I mean no file uploaded).
I have tried both way to upload file as given links below:
http://jsfiddle.net/danialfarid/0mz6ff9o/135/
ngFileUpload
https://jsfiddle.net/JeJenny/ZG9re/
In both way I am getting the same response.
So here I have some sort of questions:
1) Is file upload is possible using AngularJS only? (No Server Side Script)
2) If possible, Is there any config problem with lighttpd?
Thanks !
Need Help...
The server side (or any web server) must be configured to handle POST and PUT requests. CGI, FastCGI, SCGI scripts can be written, or you can proxy to another backend. For simple file uploads, lighttpd also provides mod_webdav which you can configure (and protect with mod_auth) to allow you to upload files without having to write any server-side code.
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWebdav

Is it possible to upload a file with malicious filename?

Is it possible to send a http upload request a file to a Apache or IIS that will have a fileName with "../" or ".." that wouldn't be rejected and would be passed to php or ASP.Net engine?
Not really the way you are asking. By the time it gets to the server the browser has read the file and delivered it as a chunk of content with no information about where it came from other than the original file name which you can choose to use or discard.
Generally file uploads go into a temporary storage place (e.g. /tmp) and then need to be moved out of there to somewhere which you can control and name.
This storage is configured on the server, and so any attempt to put path info into the filename should also be blocked by the file upload implementation of the server which should sanitise the filenames again if the browser didn't already do so.
If there's a bug then all bets are off though.

symphony datasource error

When creating a data source that pulls from any of my sections and pressing "create data source", I get the following error:
Forbidden
You don't have permission to access /symph-page/symphony/blueprints/datasources/new/ on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Strangely, if I pull from the system or provide custom xml, the data source is created fine and I don't get the previous message. Running symphony 2.3 on server that should be meeting the technical requirements. I have run Symphony before and never encountered this sort of issue.
It sounds like you need to change the workspace/data-sources directory file permissions so that the web server user can write files into it.
For example, on a Linux server (777 may not be necessary and depends on your webserver's configuration):
chmod 777 /symph-page/symphony/blueprints/datasources
If you access the server via FTP, your FTP client will probably let you do this.
Edit: Re-reading your question, I think I was mistaken in saying this is a workspace writing permissions issue. I don't recognise the "blueprints" directory path. Does this directory exist within your installation, and does your webserver have read permissions?
You might also want to make sure that you .htaccess file is present.

Use HTTP POST to send file to IIS 7.5 virtual directory

Is it possible to allow HTTP clients to USE HTTP POST (with Content-Type: multipart/form-data) to upload image files to an IIS 7.5 virtual directory without writing server-side code?
Without server-side code, that is not possible. If HTTP POST is a requirement, you need to write code. Otherwise, configure an FTP site on your IIS installation.
If you really need HTTP, consider WebDav:
http://www.windowsnetworking.com/articles_tutorials/webdav-iis.html
http://learn.iis.net/page.aspx/350/installing-and-configuring-webdav-on-iis/
If you enable public write access in IIS with WebDAV, you can upload files using HTTP PUT requests.
More info.
There are lots of different WAYS you can handle this on the server side ... but all of them involve writing some kind of "code".
SUGGESTION:
Maybe a little asp.net script might be the ticket?
http://msdn.microsoft.com/en-us/library/aa479405.aspx

How can I allow a Silverlight client application to access a text file on an Apache server, but not allow browser access?

I have a Silverlight 4 application that I am running embedded on a web page. I would like to allow the Silverlight client to download a settings file by doing something like:
Uri url = new Uri(#"config\settings.xml", UriKind.Relative);
WebClient client = new WebClient();
client.DownloadStringCompleted += new DownloadStringCompletedEventHandler(client_DownloadStringCompleted);
client.DownloadStringAsync(url);
But ideally, I want to return a 403 Forbidden error if the user tries to access the file directly in a browser by visiting http://www.mywebsite.com/config/settings.xml
Is this possible using .htaccess?
Accessing the file from Silverlight or from a web browser looks the same to a web server, so there's not much you can do to guarantee users won't gain access. The best you can do is obfuscate the steps it takes to get the file.
One thing you could do is to turn on HTTP Watch/Firebug/Wireshark and see if the Silverlight client sends any special HTTP headers identifying that it's Silverlight making the web requests. If you can identify something unique, you can configure your web server accordingly so that only requests with that header are allowed.
If there is no such header, another option is to use some sort of authentication. The credentials would be stored in the Silverlight client, so it wouldn't really be that secure, but again, you'd be obfuscating how to get the file.
You could also choose to compile the file into the client instead of accessing it over the web.
Edit:
It doesn't look look like Silverlight sends any identifying headers. You could always append headers to your requests "manually" through your code.
Silverlight will retrieve data via a http request, as it is run client side. There will always be a way to access that file, unless Silverlight can use a custom http agent (which I could not find any reference to), then you can not restrict access.

Resources