Security | What are some of the security issues that may be in the ASP?
ASP has a simple, easy-to-use, multi-function, scalability and other powerful functions, but there are some problems. For example, if you use ASP, the security of the network can be greatly reduced! For an example, follow the steps below:
(1) Download this file from the Http://home.gbsource.net/xuankong/dll.zip, unzip the Test.dll file to the C:windowssystem (if you are using NT, please copy to the corresponding directory);
(2) Next Open "Start/Run" menu to enter "regsvr32 test.dll" command;
(3) Copy the unpacked package of the index.asp to your server directory (if you are using PWS debugging can be copied to the "C:inetpubwwwroot", NT please copy to the corresponding directory);
(4) change a machine with IE browse index.asp file look (you see the error code, but in fact, the program is already running), you go back to your machine to see C: Is there a file below? A file named Xuankong.dat (in fact, if I want to, your C:autoexec.bat file page can be opened by me and written in some like "format c:/q/u" and other commands, so the next time you restart, the results will be self-evident).
How is the security issue with ASP pages generated?
Let's take a look at what's going on, the DLL files you just copied are actually a main piece I developed using Visul Basic5, which is generated by the following steps:
(1) Open VB5 a new "ActiveX.dll" file, bar The following code input:
Private Declare Function exitwindowsex Lib "User32" _ (ByVal uflags as Long,byval dwreserved as Long) _as longsub Xuankong ( "Please do not add" private "a$ = InputBox (" Please enter your name if you enter "Xuankong" "+CHR +CHR (10) +" will generate a "Xuankong" file +chr in your system +CHR (13) + "Otherwise your machine may be reset", "Please enter", "Xuankong") If a$ = "Xuankong" Thenopen "C:xuankong.dat" for Append as #Write #, "My friend, This is an ASP main test program "#Write," Hello World!this is a test "#Write," if you see this file test success! "elseexitwindowsex&h43,0 uses API functions to restart machine End Ifclose #1End Sub
(2) Change the project name to a DLL, the class module to test, and then the project to generate DLL files to the C:windowssystem directory.
(3) Create a new index.asp file to enter the following code:
(4) Copy index.asp to your server, and follow the above method to debug!
Summarize:
The above is the ASP main part of the security issue! In addition, if some authors write ASP main pieces of the time inadvertently leave the system bug! That's even more difficult to find! may also bring unexpected problems.
