Note: all programs in this article were compiled and run successfully on Windows 2000 Server (Chinese edition) with SP2.
Development environment: .NET Framework 1.0, version 1.0.3705
I. Major Risks of ASP.NET Virtual Hosts
Some time ago I applied for free ASP.NET space at WWW.BRINKSTER.COM and uploaded two programs. One of them, which lists directories and files, confirmed my judgment: the security problem that exists on shared ASP hosting servers still exists on shared ASP.NET servers, and it has become harder to prevent. With this program I could browse every other user's ASP.NET code, read the server's system logs, and so on; nothing stopped me from deleting files either. To make the issue clear, it is worth briefly recalling the problem as it already exists in ASP.
The commonly used standard ASP component FileSystemObject (FSO) gives ASP powerful file system access: it can read, write, delete and rename any directory or file on the server's disks that the process account is allowed to touch. The FSO object comes from Microsoft's script runtime library, scrrun.dll.
A FSO object is created in ASP with the following code:
Set fso = CreateObject("Scripting.FileSystemObject")
Through the properties and methods of the fso object (Drive, Drives, Folder, Folders, File, Files, and so on) we can read, write and delete disks, directories and files on the server. This powerful file system access is a serious security problem for shared ASP hosting providers, and many ASP space administrators delete or rename the component to keep users from using it. Deleting or renaming the component is indeed simple and effective, but it also deprives users of its functions. A more elegant solution circulates on the network that lets users keep the FileSystemObject component without compromising the server: each customer gets a separate server user account with permissions on only their own directory. This method has problems of its own; because ASP and ASP.NET share the same issue here, we will return to it in the solutions section for ASP.NET.
In ASP.NET we find that the problem still exists and is harder to solve. .NET and ASP.NET have a new feature: a component no longer needs to be registered with regsvr32 as in ASP; you simply upload the DLL class library to the bin directory and use it directly. This is very convenient for ASP.NET development, but it makes the ASP remedy of deleting or renaming a DLL useless, and the file system classes themselves live in mscorlib.dll, which every ASP.NET application loads, so there is nothing to delete or rename. Before discussing solutions, let us look at how the dangerous functionality described above is implemented.
II. File System Operation Example
Before writing code we need to know the main classes involved. They are all in the System.IO namespace, which contains classes for synchronous and asynchronous reading and writing of data streams and files.
At the start of the application we want the server's system information, which comes from the System.Environment class. It provides information about the current environment and platform and methods for working with them. Through System.Environment we can get the current directory and the system directory, which lets us locate several key directories quickly, and the user name of the running process, which tells us which account the ASP.NET program runs as. That account is the one that matters: NTFS permissions are checked against it, so it is the identity whose rights must be restricted to close this hole.
The other classes we use from the System.IO namespace are:
System.IO.Directory: exposes static methods for creating, moving and enumerating through directories and subdirectories
System.IO.File: provides static methods for creating, copying, deleting, moving and opening files
System.IO.FileInfo: provides instance methods for creating, copying, deleting, moving and opening files
System.IO.StreamReader: implements a TextReader that reads characters from a byte stream in a particular encoding
The specific usage of each class's properties and methods is described as comments in the code.
The System.IO namespace lives in mscorlib.dll, which ships with the .NET Framework. Every VS.NET project references mscorlib automatically, so a using System.IO; directive is all that is needed.
All the programs here use the code-behind model: each aspx page has a corresponding aspx.cs file. The aspx page contains only the code related to page display, and all logic goes in the aspx.cs file, which separates display from logic. Since our purpose is not to discuss the code-behind technique, we will not say more about it.
This article covers only the usage of the main classes and their key methods. For the details of the programs, please refer to the accompanying source code.
Program 1: listdrivers.aspx, which displays the server's current information and the names of all logical drives
Main method 1: the GetSysInf() method obtains information about the server's current environment and platform.
// Method for obtaining system information, in the listdrivers.aspx.cs file.
// The fields it fills are declared at class level (types follow from the assignments below)
// and are read by the asp:Label controls and by createDataSource().
protected string qDrives, qSystemDir, qMo, qCurDir, qDomName, qMachine, qUser;
protected int qTick;
protected string[] achDrives;
protected int nNumOfDrives;

public void GetSysInf()
{
    // Obtain the operating system type and version
    qDrives = Environment.OSVersion.ToString();
    // Obtain the system folder (for example C:\WINNT\system32)
    qSystemDir = Environment.SystemDirectory;
    /* Obtain the amount of physical memory mapped to the process context (the working set).
       It shows how much physical memory the ASP.NET program needs while running, which
       helps to plan the whole application. The value is in bytes, so dividing by 1024
       gives the working set in KB */
    qMo = (Environment.WorkingSet / 1024).ToString();
    // Obtain the fully qualified path of the current directory (the directory the process started from)
    qCurDir = Environment.CurrentDirectory;
    // Obtain the network domain name of the host
    qDomName = Environment.UserDomainName;
    // Obtain the number of milliseconds since the system was started
    // (a 32-bit counter: it wraps around after roughly 24.9 days of uptime)
    qTick = Environment.TickCount;
    // Convert to the number of minutes since the system was started
    qTick /= 60000;
    // Obtain the machine name
    qMachine = Environment.MachineName;
    // Obtain the user name of the account running the current process
    qUser = Environment.UserName;
    /* Retrieve the names of the logical drives on this computer, in the form "<drive letter>:\",
       as a string array; this array is the key to the next step */
    achDrives = Directory.GetLogicalDrives();
    // The length of the array is the number of logical drives
    nNumOfDrives = achDrives.Length;
}
The system information needs no further processing, so we simply display it with asp:Label controls. The number of logical drives differs from server to server, so the drive names are stored in an array of variable length. Since the drive name is also the starting point for browsing directories and files, we display and handle it with a DataGrid.
Code for the DataGrid that displays and handles the logical drive names (in the listdrivers.aspx file):
<asp:DataGrid id="DriversGrid" runat="server" AutoGenerateColumns="false">
    <Columns>
        <asp:BoundColumn HeaderText="ID" DataField="ID" />
        <asp:BoundColumn HeaderText="Disk name" DataField="Drivers" />
        <asp:HyperLinkColumn
            HeaderText="Details"
            DataNavigateUrlField="Drivers"
            DataNavigateUrlFormatString="listdir.aspx?Dir={0}"
            DataTextField="Detail"
            Target="_new" />
    </Columns>
</asp:DataGrid>
The first two BoundColumn columns show the sequence number and the actual logical drive name. The third column deserves attention: before we can show the directories and files of a logical drive, we must pass the name of the selected drive to the page that lists them, so a HyperLinkColumn is needed. DataNavigateUrlField names the field in the data source that is bound to the hyperlink URL, here the logical drive name. DataNavigateUrlFormatString then gives the format of the URL once the field value is substituted, that is, the next page to link to: listdir.aspx?Dir={name of the logical drive that was clicked}. Nothing here restricts the Dir value; the only thing that bounds what listdir.aspx can then show is the NTFS permissions of the account the worker process runs as.
Code for creating the data source (in the listdrivers.aspx.cs file):
// Requires: using System.Collections; using System.Data;
// Returns the data as a DataView, which implements ICollection
ICollection createDataSource()
{
    // Define an in-memory data table
    DataTable dt = new DataTable();
    // A row of the DataTable
    DataRow dr;
    /* Add columns to the DataTable. Format: DataColumn("column", type),
       where column is the column name and type is the column's data type.
       The names must match the DataField attributes of the DataGrid. */
    dt.Columns.Add(new DataColumn("ID", typeof(Int32)));
    dt.Columns.Add(new DataColumn("Drivers", typeof(string)));
    dt.Columns.Add(new DataColumn("Detail", typeof(string)));
    // Add one row per logical drive (achDrives and nNumOfDrives are filled by GetSysInf())
    for (int i = 0; i < nNumOfDrives; i++)
    {
        // Create a new row
        dr = dt.NewRow();
        // Assign each column of the row, in the order the columns were defined above
        dr[0] = i;                    // sequence number from the loop
        dr[1] = achDrives[i];         // name of the logical drive
        dr[2] = "View Details";       // text of the hyperlink
        // Add the row to the table
        dt.Rows.Add(dr);
    }
    // Create a DataView over the DataTable
    DataView dv = new DataView(dt);
    // Return the view
    return dv;
}
This method gives us a DataView containing all the data we need. We only have to bind the view to the DataGrid in the Page_Load method of the aspx page.
Data binding code (in the listdrivers.aspx.cs file):
private void Page_Load(object sender, EventArgs e)
{
    // Fill the system information fields and the drive array first; createDataSource() depends on them
    GetSysInf();
    /* Set the DataSource of the DataGrid to the DataView returned by createDataSource() */
    DriversGrid.DataSource = createDataSource();
    // Bind the DataGrid to the data
    DriversGrid.DataBind();
}
With the main methods described above we obtain the system information and display all logical drive names, and the link in each row leads to the next program, listdir.aspx, which displays the directories and files under that logical drive.
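The following is an added example, not code from the original article or its accompanying source. It shows the System.IO classes listed earlier (Directory, DirectoryInfo, FileInfo, StreamReader) doing what the article's listdir.aspx does, written as a console program so it can be run outside IIS under whatever account you want to test. The command-line path argument, the one-level recursion cap, the three-line preview and the list of "text" extensions are assumptions of this example; the article's page takes the path from the Dir query string instead. The security-relevant part is the handling of UnauthorizedAccessException: that exception is what a correctly restricted worker account should produce for other customers' directories.

```csharp
using System;
using System.IO;
using System.Text;

// Added example (not the article's own listdir.aspx): list a directory with
// System.IO and preview text files, reporting which entries the current
// identity is denied.
public class ListDir
{
    // Number of lines to preview from each text file (assumption of this example)
    const int PreviewLines = 3;

    public static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : Environment.CurrentDirectory;

        // The identity that every access check below is made against. On a
        // real host this is the ASP.NET worker process account; its NTFS
        // rights, not the presence or absence of a DLL, decide what is visible.
        Console.WriteLine("Running as {0}\\{1} on {2}",
            Environment.UserDomainName, Environment.UserName, Environment.MachineName);
        Console.WriteLine("Logical drives: {0}", string.Join(" ", Directory.GetLogicalDrives()));

        Walk(path, 0);
    }

    // Lists one directory; at depth 0 it also descends one level into subdirectories.
    static void Walk(string path, int depth)
    {
        string pad = new string(' ', depth * 2);
        DirectoryInfo di = new DirectoryInfo(path);
        if (!di.Exists)
        {
            Console.WriteLine("{0}(not found) {1}", pad, path);
            return;
        }

        DirectoryInfo[] subs;
        FileInfo[] files;
        try
        {
            subs = di.GetDirectories();
            files = di.GetFiles();
        }
        catch (UnauthorizedAccessException)
        {
            // The NTFS ACL denies this identity. This is the outcome a locked-down
            // worker account should produce for other customers' directories.
            Console.WriteLine("{0}[denied] {1}", pad, di.FullName);
            return;
        }

        Console.WriteLine("{0}{1}  ({2} dirs, {3} files)", pad, di.FullName, subs.Length, files.Length);
        foreach (DirectoryInfo sub in subs)
        {
            if (depth == 0)
                Walk(sub.FullName, depth + 1);
            else
                Console.WriteLine("{0}  [dir]  {1}", pad, sub.Name);
        }
        foreach (FileInfo f in files)
        {
            Console.WriteLine("{0}  [file] {1,-30} {2,10} bytes  {3}", pad, f.Name, f.Length, f.LastWriteTime);
            if (IsText(f.Name))
                Preview(f, pad + "    ");
        }
    }

    // Extensions treated as text for the preview (assumption of this example)
    static bool IsText(string name)
    {
        string ext = Path.GetExtension(name).ToLower();
        return ext == ".txt" || ext == ".log" || ext == ".config" || ext == ".aspx" || ext == ".cs";
    }

    // Reads the first few lines of a file; another customer's web.config or .cs
    // source is exactly the kind of content the article's sweep exposes.
    static void Preview(FileInfo f, string pad)
    {
        try
        {
            using (StreamReader sr = new StreamReader(f.FullName, Encoding.Default))
            {
                string line;
                int n = 0;
                while (n < PreviewLines && (line = sr.ReadLine()) != null)
                {
                    Console.WriteLine("{0}| {1}", pad, line);
                    n++;
                }
            }
        }
        catch (UnauthorizedAccessException)
        {
            Console.WriteLine("{0}| (read denied)", pad);
        }
        catch (IOException ex)
        {
            // Typically a file held open by another process, such as a live log
            Console.WriteLine("{0}| (unreadable: {1})", pad, ex.Message);
        }
    }
}
```

To use it as a check rather than as a demonstration, run it under the worker process account (for example with runas) against another customer's web root and against the system directory returned by Environment.SystemDirectory. Every line that does not read [denied] or (read denied) is something an uploaded aspx page could list or read just as easily.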