Of course, not all program code security vulnerabilities are attributed to Web server software. For example, if you are using a typical installation of Widows NT Option Pack 4.0, the installer will install exploration Air, which is a Web application program that is available to ASP programmers as an example. The showcode.asp file of widows NT Option Pack 4.0 will display the original program code of the Exploration Air sample site neatly. Since there is no strict permission checking procedure in the program, an experienced visitor can guess the file name and the directory path, and he can use showcode.asp to read any file in the file system.
The hacker can just use a URL string in his browser to specify the correct file name and the directory path as a showcode.asp parameter. For example, the following URL allows the hacker to see the original program code inside the Default.asp on the 10.11.11.15 server:
http://10.11.11.15/msadc/Samples/SELECTOR/showcode.asp?source=/
Msadc/samples/.. /.. /.. /.. /.. /inetpub/wwwroot/default.asp
Msadc/samples/selector/showcode.asp This is an FSO example program, the main purpose is to teach you how to use the FSO to View the Source of ASP, although the program can only be view/msadc/samples/under the File. But use MapPath to go back to the previous layer of syntax to crack. (You can use a series of ". /"To jump to the top of the file system, and then steal the files from other directories, which, of course, have to be accessed first." )
Set up a friend of the server can try this Link, try to see the file under your root directory, if you can, then you should pay attention to!
One of the security vulnerabilities in IIS 5.0 is to use the. HTR control Module (handler) to parse the security vulnerabilities of file capabilities. Internet Service Manager for IIS uses Ism.dll to process. htr files. IIS itself uses Asp.dll to process ASP files. Using the. HTR security vulnerabilities, hackers can handle any file (including. asp files,. asa files, and so on) with Ism.dll instead of asp.dll processing. Because Ism.dll is not designed to handle ASP's tag, it directly displays the original program code. To exploit this security vulnerability, remote hackers simply add +.htr to the tail of their URL strings. For example, to see the original program code of Default.asp on the 10.11.11.15, a hacker can use the following URL:
Http://10.11.11.15/default.asp+.htr
At this time you just in the browser menu bar, select "View/source file" can see the ASP's program, everything is very simple, the fire wall cannot block this. However, unlike showcode.asp, this vulnerability does not allow hackers to steal a designated file directly outside the root directory of the Web server file. In addition, if the ASP document has a volume label, this method does not work very well. When the% symbol is encountered, the output is terminated. Therefore, the most common use of this vulnerability is to use the SCRIPT runat= "SERVER" .../script the ASP file for the volume label.
Generally speaking, in any Web site built on IIS ASP and SQL Server, the information that interests hackers is global.asa. This Global.asa file is located under the root directory of the Web site file, and it contains some settings for the Web application. The parameters set can include predefined variables, database user ID and password, system name, and database server address. Once hackers get Global.asa, they are the key to the entire site.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
