Analysis of hidden risks of ASP.NET virtual hosts in displaying files

Source: Internet
Author: User

This article examines the hidden risk in ASP.NET virtual hosts when displaying files. First, let's look at an example: the program showfile.aspx, which displays a file's attributes and content.

The following two main classes are used to display attributes and content:

System.IO.FileInfo: provides instance methods for creating, copying, deleting, moving, and opening files, and helps create FileStream objects.

System.IO.StreamReader: implements a TextReader that reads characters from a byte stream in a specific encoding. Unless otherwise specified, StreamReader defaults to UTF-8 encoding rather than the ANSI code page of the current system. UTF-8 handles Unicode characters correctly and gives consistent results on localized versions of the operating system.

The main markup of the showfile.aspx page that displays the file is as follows:

 
 
    <asp:Label id="FileDetail" runat="server"/>

We only display the property information and part of the file on this Label. So there is no other complicated code.

The main code for getting the file information and content is in the Page_Load method in the showfile.aspx.cs file:

 
 
    // Requires: using System.IO;
    // Receive the input parameter that names the file to operate on.
    // No validation is applied: any path the worker process can read is accepted.
    string strFile2Show = Request.QueryString["File"];
    // Instantiate a FileInfo object for that file name
    FileInfo fi = new FileInfo(strFile2Show);
    FileDetail.Text = "File name: ";
    FileDetail.Text += strFile2Show + "<br>";
    FileDetail.Text += "File size: ";
    // Get the file size and convert it to KB
    FileDetail.Text += (fi.Length / 1024).ToString() + "K<br>";
    FileDetail.Text += "File creation time: ";
    // Get the file creation date
    FileDetail.Text += fi.CreationTime.ToString();
    FileDetail.Text += "Last access time: ";
    // Get the date the file was last accessed
    FileDetail.Text += fi.LastAccessTime.ToString() + "<br>";
    FileDetail.Text += "Last write time: ";
    // Get the date the file was last written
    FileDetail.Text += fi.LastWriteTime.ToString() + "<br>";
    // Instantiate a StreamReader to read the content of this FileInfo
    StreamReader fileReader = fi.OpenText();
    // Define an array of 1000 characters as a buffer
    char[] theBuffer = new char[1000];
    /* ReadBlock: reads up to count characters from the current stream and
       writes them into buffer, starting at index.
       Parameters:
         char[] buffer: when the method returns, contains the characters read
         int index: the position in buffer at which writing begins
         int count: the maximum number of characters to read
    */
    int nRead = fileReader.ReadBlock(theBuffer, 0, 1000);
    FileDetail.Text += new string(theBuffer, 0, nRead);
    // Close the StreamReader and release all associated system resources
    fileReader.Close();

So far, we have implemented a simple web-based server disk management application that lets you view and delete directories and files. If you need to modify files or create files and folders, you only need to make a few modifications and add the corresponding code. Because we only use this program to demonstrate the security risks on the server, we will not implement these functions here.

With these three simple programs, I think you can clearly see how harmful the security risks and vulnerabilities of ASP.NET virtual hosts are. If we do not guard against them, users who maliciously use this functionality can view and delete other users' programs, and the server's system logs and system files are not secure either.
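One way to confine a page like showfile.aspx to a single directory, as an added example that is not code from the original article; the class SafeFileViewer, its methods and the rootDir parameter are hypothetical names. A check like this only constrains code the site owner wrote: it does nothing against a page that another tenant of the same server uploads, which is the scenario this article describes.

```csharp
using System;
using System.IO;
using System.Web;

public static class SafeFileViewer   // hypothetical name, not from the article
{
    // Resolve a request-supplied name against rootDir and reject anything that
    // escapes it: absolute paths, "..\" sequences, other drives, UNC paths.
    public static bool TryResolve(string rootDir, string requested, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrEmpty(requested)) return false;

        string root = Path.GetFullPath(rootDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string candidate;
        try
        {
            // Path.Combine returns 'requested' unchanged when it is rooted, so the
            // prefix check below is what actually enforces containment.
            candidate = Path.GetFullPath(Path.Combine(root, requested));
        }
        catch (ArgumentException) { return false; }      // illegal characters
        catch (NotSupportedException) { return false; }  // malformed drive/colon
        catch (PathTooLongException) { return false; }

        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase)) return false;
        if (!File.Exists(candidate)) return false;
        fullPath = candidate;
        return true;
    }

    // Same summary as the article's page, with request- and file-derived text
    // HTML-encoded before it is assigned to the Label.
    public static string Describe(string fullPath, int maxChars)
    {
        FileInfo fi = new FileInfo(fullPath);
        char[] buffer = new char[maxChars];
        int nRead;
        using (StreamReader reader = fi.OpenText())
        {
            nRead = reader.ReadBlock(buffer, 0, maxChars);
        }
        return "File name: " + HttpUtility.HtmlEncode(fi.Name) + "<br>"
             + "File size: " + (fi.Length / 1024) + "K<br>"
             + HttpUtility.HtmlEncode(new string(buffer, 0, nRead));
    }
}
```

Path.GetFullPath does not resolve NTFS junctions or symbolic links, so the root directory should not contain links that point outside it.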

This section described the hidden risks of ASP.NET virtual hosts when displaying files, and should help you understand the hidden risks of ASP.NET virtual hosts in general.

  1. Major security risks of ASP.NET virtual hosts
  2. Analysis of file system operation risks of ASP.NET virtual hosts
  3. Analysis of hidden risks of ASP.NET virtual hosts when creating data sources
  4. Analysis of hidden risks of ASP.NET virtual hosts in file directory management
  5. Analysis of hidden risks of ASP.NET virtual hosts when deleting file directories
