About the intrusion method of ASP.net server

Asp.net| Server | detailed

A friend on QQ asked me about the intrusion method of ASP.net server I will asp.net some of the intrusion on the common means to tell you

Standard components commonly used in 1.ASP: FileSystemObject, this component provides a powerful file system access to the ASP, you can read, write, delete, rename, and so on any directory and file with permissions on the server hard disk. The FSO object is from the Script Runtime library provided by Microsoft Scrrun.dll. Use the following code to create an FSO object in asp: Set FSO = CreateObject ("Scripting.FileSystemObject") we use the properties and methods contained in the FSO object, such as drive, drives, Folder, floders, file, files, etc. to the server's disk, directories and files to read, write, delete and other operations. This powerful file system access capability poses a serious security problem for ASP space providers, and many of the administrators of ASP spaces Delete This component or rename it to avoid users using this standard component. Deleting a component or component renaming is indeed a simple and effective method, but it makes it impossible for the vast majority of users to use its powerful features. There is also a seemingly beautiful scenario on the Web that allows users to use the FileSystemObject component without affecting the security of the server, which means that each user is set to operate on a separate server user and a single directory. But there is a problem with this approach. Because the problems in this area are very similar between ASP and ASP.net, we will elaborate on the corresponding solutions in asp.net. In asp.net we find that this problem still exists and becomes more difficult to solve. This is because. NET has become more powerful in the function of system IO operations, what makes this problem more serious is that ASP.net has a new function, this component does not need to use the regsvr32 as the ASP to register, just upload DLL class library file to the Bin directory can be used directly. This feature does bring great convenience to development asp.net, but it makes it more complicated to prevent this problem from being eliminated or renamed in ASP. Before we discuss the solution, let's take a look at how to implement the dangerous functionality described above

2. File system

Several other classes that we also want to use the System.IO namespace are:

System.IO.Directory: Provides classes for creating, moving, and enumerating static methods through directories and subdirectories

System.IO.File: A class that provides static methods for creating, copying, deleting, moving, and opening files

System.IO.FileInfo: Classes that provide instance methods for creating, copying, deleting, moving, and opening files

System.IO.StreamReader: Implements a TextReader that reads characters from a byte stream in a specific encoding.

The specific usage of the properties and methods of each class we use will be explained in code comments in the program.

System.IO Namespaces in the mscorlib.dll provided by the. NET Framework, you need to reference this DLL to this project before you use Vs.net programming.

The programs we write use the codebehind approach, That is, each ASPX program has a corresponding Aspx.cs program, ASPX program only write and page display related code, all the logic to implement the code is placed in the corresponding Aspx.cs file, so that you can better display and logical separation. Since our aim is not to discuss codebehind technology, we are not discussing it any more.

In this article, we'll just introduce the use of several major classes and their key methods, and see the accompanying source code for detailed procedures.

Program One: Displays the current information of the server and the names of all logical drives listdrivers.aspx

Main Method 1: We use the Getsysinf () method to get the server's current environment and platform information

The method for obtaining system information, which is in the Listdrivers.aspx.cs file

public void Getsysinf () {

Get operating system type

Qdrives = Environment.OSVersion.ToString ();

Get system Folder

Qsystemdir = Environment.SystemDirectory.ToString ();

/* Gets the amount of physical memory mapped to the process context, through which you can understand how much of the ASP.net program needs to run at the same time, to better plan our entire application, because the physical amount of memory is in bytes, so we divide this number by 1024, Can get the amount of physical memory per unit KB.

Qmo = (environment.workingset/1024). ToString ();

Gets the fully qualified path of the current directory (that is, the directory from which the process starts)

Qcurdir = Environment.CurrentDirectory.ToString ();

Get the network of the host

Contact Domain Name

Qdomname = Environment.UserDomainName.ToString ();

Gets the number of milliseconds elapsed since the system started

Qtick = Environment.tickcount;

Calculates the number of minutes elapsed since the system started

Qtick/= 60000;

Get Machine Name

Qmachine = Environment.MachineName;

Gets the user name that is running the current process

Quser = Environment.username;

/* Retrieves the name of the logical drive with the format "drive letter >:\" On this computer and returns an array of strings, which is the key to next steps.

Achdrives = Directory.getlogicaldrives ();

Gets the number of dimensions for this string array, determining how many logical drives

Nnumofdrives = Achdrives.length;

The system information does not need to be operated, we simply use the Asp:label to show them out on the line. The number of logical drives is variable on different servers, so the name of the logical drive is saved with an indefinite array, and the name of the logical drive is the basis for our next browsing of directories and files, so we use a DataGrid in the data grid to display and process it. Display and process the code for the DataGrid of the logical drive name (code in listdrivers.aspx file):

headertext= "More Information"

Datanavigateurlfield= "Drivers" datanavigateurlformatstring= "listdir.aspx?dir={0}"

Datatextfield= "Detail"

target= "_new"/>

The first two BoundColumn columns in the

are displayed with ordinal and actual logical drive names, and the third column requires that we pass the name of the selected logical drive to the file that displays the directory before entering the various logical drives to display the directories and files. So you need a special hyperlink row HyperLinkColumn, we set the Datanavigateurlfield to the field in the data source that you want to bind to the URL of the hyperlink in HyperLinkColumn, which is the logical drive name. Datanavigateurlformatstring is then set to display the URL of the hyperlink in this hyperlinkcolumn when the URL data is bound to a field in the data source, that is, the next level of processing page to link to. For listdir.aspx?dir={users click on the logical drive name of the row

Standard components commonly used in 1.ASP: FileSystemObject, this component provides a powerful file system access to the ASP, you can read, write, delete, rename, and so on any directory and file with permissions on the server hard disk. The FSO object is from the Script Runtime library provided by Microsoft Scrrun.dll. Use the following code to create an FSO object in asp: Set FSO = CreateObject ("Scripting.FileSystemObject") we use the properties and methods contained in the FSO object, such as drive, drives, Folder, floders, file, files, etc. to the server's disk, directories and files to read, write, delete and other operations. This powerful file system access capability poses a serious security problem for ASP space providers, and many of the administrators of ASP spaces Delete This component or rename it to avoid users using this standard component. Deleting a component or component renaming is indeed a simple and effective method, but it makes it impossible for the vast majority of users to use its powerful features. There is also a seemingly beautiful scenario on the Web that allows users to use the FileSystemObject component without affecting the security of the server, which means that each user is set to operate on a separate server user and a single directory. But there is a problem with this approach. Because the problems in this area are very similar between ASP and ASP.net, we will elaborate on the corresponding solutions in asp.net. In asp.net we find that this problem still exists and becomes more difficult to solve. This is because. NET has become more powerful in the function of system IO operations, what makes this problem more serious is that ASP.net has a new function, this component does not need to use the regsvr32 as the ASP to register, just upload DLL class library file to the Bin directory can be used directly. This feature does bring great convenience to development asp.net, but it makes it more complicated to prevent this problem from being eliminated or renamed in ASP. Before we discuss the solution, let's take a look at how to implement the dangerous functionality described above

2. File system

Several other classes that we also want to use the System.IO namespace are:

System.IO.Directory: Provides classes for creating, moving, and enumerating static methods through directories and subdirectories

System.IO.File: A class that provides static methods for creating, copying, deleting, moving, and opening files

System.IO.FileInfo: Classes that provide instance methods for creating, copying, deleting, moving, and opening files

System.IO.StreamReader: Implements a TextReader that reads characters from a byte stream in a specific encoding.

The specific usage of the properties and methods of each class we use will be explained in code comments in the program.

System.IO Namespaces in the mscorlib.dll provided by the. NET Framework, you need to reference this DLL to this project before you use Vs.net programming.

The programs we write use the codebehind approach, That is, each ASPX program has a corresponding Aspx.cs program, ASPX program only write and page display related code, all the logic to implement the code is placed in the corresponding Aspx.cs file, so that you can better display and logical separation. Since our aim is not to discuss codebehind technology, we are not discussing it any more.

In this article, we'll just introduce the use of several major classes and their key methods, and see the accompanying source code for detailed procedures.

Program One: Displays the current information of the server and the names of all logical drives listdrivers.aspx

Main Method 1: We use the Getsysinf () method to get the server's current environment and platform information

The method for obtaining system information, which is in the Listdrivers.aspx.cs file

public void Getsysinf () {

Get operating system type

Qdrives = Environment.OSVersion.ToString ();

Get system Folder

Qsystemdir = Environment.SystemDirectory.ToString ();

/* Gets the amount of physical memory mapped to the process context, through which you can understand how much of the ASP.net program needs to run at the same time, to better plan our entire application, because the physical amount of memory is in bytes, so we divide this number by 1024, Can get the amount of physical memory per unit KB.

Qmo = (environment.workingset/1024). ToString ();

Gets the fully qualified path of the current directory (that is, the directory from which the process starts)

Qcurdir = Environment.CurrentDirectory.ToString ();

Get the network of the host

Tail

headertext= "More Information"

target= "_new"

/>

In two DataGrid (Dirgrid,filegrid) We set up two separate HyperLinkColumn columns to navigate to different processing pages.

We all used a deleted button column in two datagrid:

text= "Delete"

Commandname= "Delete"

/>

Because the Add, update, delete feature columns are the default template columns for the DataGrid, you can add this column automatically through the DataGrid's Property Builder in Vs.net.

Gets the code for the parameter passed by the previous page:

The following code is used in the Page_Load method of the page, because you need to use the parameters passed over from the previous page to determine the directory and file name in the method that produces the data source below:

Strdir2list = request.querystring["dir"];

The string strdir2list the name of the directory or file name that is passed over.

Because we use two dategrid, we need two data bindings, there are two different ways to generate data sources.

How to generate a directory data grid (Dirgrid) data source:

This method returns a collection-form data View DataView, which initializes the DataGrid of the subdirectory

ICollection Createdatasourcedir () {

Dtdir = new DataTable ();

DataRow Dr;

Add a new data column to the DataTable, a total of four columns

DTDIR.COLUMNS.ADD (New DataColumn ("DirID", typeof (Int32));

DTDIR.COLUMNS.ADD (New DataColumn ("DirName", typeof (String));

DTDIR.COLUMNS.ADD (New DataColumn ("Deldir", typeof (String));

DTDIR.COLUMNS.ADD (New DataColumn ("Dirdetail", typeof (String));

A string array of all subdirectory names in this directory, based on the parameters passed in (directory name)

string [] direntries = Directory.getdirectories (strdir2list);

Use a Foreach loop to iterate through an array of unknown lengths

foreach (String dirname in Direntries) {

Dr = Dtdir.newrow ();

DR[0] = i;//serial number

DR[1] = dirname;//folder name

DR[3] = "delete";

DR[3] = "View Details";

DTDIR.ROWS.ADD (DR);

i++;

}

DataView Dvdir = new DataView (dtdir);

Returns the resulting Data view

return dvdir;

}

How to generate a file data grid (Filegrid) data source:

This method returns a collection-form data View DataView, which initializes the DataGrid for the file

ICollection Createdatasourcefile () {

Dtfile = new DataTable ();

DataRow Dr;

DTFILE.COLUMNS.ADD (New DataColumn ("Fileid", typeof (Int32));

DTFILE.COLUMNS.ADD (New DataColumn ("FileName", typeof (String));

DTFILE.COLUMNS.ADD (New DataColumn ("Delfile", typeof (String));

DTFILE.COLUMNS.ADD (New DataColumn ("Filedetail", typeof (String));

A string array of all the file names in this directory, based on the parameters passed in (directory name)

string [] fileentries = Directory.GetFiles (strdir2list);

foreach (String FileName in Fileentries) {

Dr = Dtfile.newrow ();

Dr[0] = i;

DR[1] = FileName;

DR[2] = "delete";

DR[3] = "View Details";

DTFILE.ROWS.ADD (DR);

i++;

}

Dvfile = new DataView (dtfile);

return dvfile;

}

We programmed two DataSource to display the data in the resulting DataTable to the DataGrid on the ASPX page by only data binding to two DataGrid in the Page_Load method of the page.

Data binding Code://subdirectory data list Dirgrid data source definition and data binding

Dirgrid.datasource = Createdatasourcedir ();

Dirgrid.databind ();

Data source definition and data binding for file data list Filegrid

Filegrid.datasource = Createdatasourcefile ();

Filegrid.databind ();

Through the main methods described above, we have implemented a list of all subdirectories and files in a logical drive or directory, and can further browse subdirectories or view the properties and content feeds of a file based on the results displayed. Browsing subdirectories is still done by listdir.aspx this program, without any subdirectory level requirements, no directory depth restrictions.

The primary method and code for deleting subdirectories and files:

When we delete subdirectories, we need to use the Directory.delete (String,bool) method, which has two kinds of methods:

1. public static void Delete (string);

Deletes an empty directory from the specified path.

2. public static void Delete (String, Boolean);

Deletes the specified directory and, if indicated, deletes any subdirectories in the directory, and if Boolean is set to True, deletes all subdirectories and files under this directory, or sets the Boolean to False.

Here we use the second method, and if you choose to delete it, all subdirectories and files in this directory will be deleted.

Note: All of the methods of the directory class are static and can be invoked without having an instance of directory directory.

/* Implement the method of deleting subdirectories, this method is automatically added to vs.net, note that DataGridCommandEventArgs E is the ButtonColumn event for Commandname= "Delete" in Dirgrid, through this event, We can get the name of the ButtonColumn button column that is clicked, and then determine what subdirectory we need to delete.

private void Dirgrid_deletecommand (object source, System.Web.UI.WebControls.DataGridCommandEventArgs e) {

/* Define a cell, e.item all items that occur for this event, E.item.cells[1] as the contents of the second cell of the entire row, in this DataGrid the name of the subdirectory

*/

TableCell Itemcell = e.item.cells[1];

A string that gets the name of this subdirectory

string item = Itemcell.text;

Delete this subdirectory

Directory.delete (item,true);

Data binding to update the list of data after deletion

Dirgrid.databind ();

}

When we delete the file, we need to use File.delete (string path);

Note: All methods of the File class are static and can be invoked without having an instance of the directory.

private void Filegrid_deletecommand (object source,

System.Web.UI.WebControls.DataGridCommandEventArgs e) {

TableCell Itemcell = e.item.cells[1];

A string that gets the name of this file

string item = Itemcell.text;

Delete this file

File.delete (item);

Data binding to update the list of data after deletion

Dirgrid.databind ();

}

Through the main method above we implemented a deletion of a subdirectory or file on the page function, this feature needs to be used carefully in testing, once the deletion can not be restored through the normal method. Other methods such as directory or file renaming, modify content, etc. can be added to the program based on the corresponding functions, the implementation method is also very simple. Enthusiasts can expand to a web-based server file management system by adding the appropriate functionality. We can also see the dangers of this program, and a file system for a server that does not take precautions against this security risk is exposed to users who use this program.