Web source Security Audit ASP article (1)

0x01 ASP Introduction: ASP is a server-side scripting environment that you can use to create and run dynamic Web pages or Web applications. ASP Web pages can include HTML tags, plain text, script commands, and COM components. With ASP, you can add interactive content, such as online forms, to a Web page, or you can create a Web application that uses an HTML Web page as a user interface. 0x02 ASP Vulnerability Introduction: I. Database path disclosure (db path Leak) Overview: Database path leaks are mainly manifested in the asp+access web, when an attacker submits%5c, IIS resolves the error, resulting in the output of the real database path,% 5c is the hexadecimal code of \, another way of representing. The principle of vulnerability: when we submit the data, IE will automatically convert%5c to/, so as to get the same address. In the ASP type website, will use a database connection file, the name is generally conn.asp. Vulnerability code: Here I use the Power article system to do the case, the code is as follows: <%dimconndimconnstrdimdbdb= "Database/adsfkldfogowerjnokfdslwejhdfsjhk.mdb" The location of the database file Setconn=server.createobject ("ADODB.") Connection ") connstr=" provider=microsoft.jet.oledb.4.0;datasource= "&server.mappath (DB) Conn. Openconnstr%> exploit: When accessing http://www.aspmps.com/cn%5cconn.asp IIS will error the database absolute path output to the client, as shown in the figure 498) this.width=498; ' OnMouseWheel = ' Javascript:return big (This) ' src= ' http://s2.51cto.com/wyfs02/M01/11/63/wKiom1LOMwfRrG_ 3aafamauqhsa194.png "width=" 555 "border=" 0 "height=" "alt=" Web source code Security Audit ASP article "/> When the database path is compromised, the attacker can download the database locally, Locate the Background administrator account and password in the table so that you can easily access the site's background management, which is only for Access databases, and the SQL Server database is unaffected. The Bauku problem of power system has been long, last year 360 companies issued a notice to this end, a number of media have reprinted link address: http://tech.163.com/digi/12/0312/15/7SDHI0LJ00163HE0.html. Vulnerability fixes: There are 2 ways to patch this vulnerability, the first is to add On Error Resume next before Conn.Open connstr code, and the second method selects "Send the following text error message to the client" in the IIS Server configuration option. The following figure 2498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' src= ' http://s9.51cto.com/wyfs02/M00/11/63/ Wkiol1lomw_z-ny4aai2moqbstq395.png "width=" 555 "border=" 0 "height=" 306 "alt=" Web source code Security Audit ASP article "/> 1 2 3 4 5 6 7 8 9 10 11 Next >> view full-text content Navigation page 1th: Database path leaks page 2nd: Cross-site Scripting Attack 3rd page: cross-station request forgery Attack 4th page: Arbitrary file download 5th page: No component upload 6th page: Cookie Spoofing 7th page: Local file contains 8th page: Path Control 9th Commit Spoofing page 10th: Code injection page 11th: SQL injection Original: Web source code Security Audit ASP article (1) Back to the network security home