The hidden danger of ASP.NET virtual hosts when displaying files. First, let's look at an example: the program showfile.aspx, which displays a file's attributes and content.
The following two main classes are used to display attributes and content:
System.IO.FileInfo: provides instance methods for creating, copying, deleting, moving, and opening files, and helps create FileStream objects.
System.IO.StreamReader: implements a TextReader that reads characters from a byte stream in a specific encoding. Unless otherwise specified, StreamReader defaults to UTF-8 encoding rather than the ANSI code page of the current system. UTF-8 handles Unicode characters correctly and gives consistent results on localized versions of the operating system.
The main code of the showfile.aspx page that displays the file is as follows:
```
<asp:Label id="FileDetail" runat="server"/>
```
We only display the file's property information and part of its content in this Label, so no other complicated code is needed.
The main code for getting the file information and content is in the Page_Load method in showfile.aspx.cs:
```
// Requires: using System.IO;
// Receive the input parameter that names the file to operate on
string strFile2Show = Request.QueryString["File"];
// Instantiate a FileInfo object for that file name
FileInfo fi = new FileInfo(strFile2Show);
FileDetail.Text = "File name: ";
FileDetail.Text += strFile2Show + "<br>";
FileDetail.Text += "File size: ";
// Obtain the file size and convert it to KB
FileDetail.Text += (fi.Length / 1024).ToString() + "K<br>";
FileDetail.Text += "File creation time: ";
// Obtain the file creation date
FileDetail.Text += fi.CreationTime.ToString() + "<br>";
FileDetail.Text += "Last access time: ";
// Obtain the date the file was last accessed
FileDetail.Text += fi.LastAccessTime.ToString() + "<br>";
FileDetail.Text += "Last write time: ";
// Obtain the date the file was last written
FileDetail.Text += fi.LastWriteTime.ToString() + "<br>";
// Instantiate a StreamReader object to read the content of this FileInfo
StreamReader FileReader = fi.OpenText();
// Define an array of 1000 characters as a buffer
char[] theBuffer = new char[1000];
/* ReadBlock method: reads up to the maximum number of characters from the
   current stream and writes the data into the buffer, starting at index.

   Parameters:
   char[] buffer: when the method returns, contains the characters read
   int index: the position in the buffer at which writing starts
   int count: the maximum number of characters to read
*/
int nRead = FileReader.ReadBlock(theBuffer, 0, 1000);
FileDetail.Text += new string(theBuffer, 0, nRead);
// Close the StreamReader and release all associated system resources
FileReader.Close();
```
So far, we have implemented a simple web-based server disk management application that can view and delete directories and files. To modify files or to create files and folders, you only need to make a few changes and add the corresponding code. Because we only use this program to demonstrate the security risks on the server, we will not implement those functions here.
Through these three simple programs, I think you can clearly see how harmful the security risks and vulnerabilities of ASP.NET virtual hosts are. If we do not prevent them, users who maliciously use this functionality can view and delete other users' programs, and the server's system logs and system files are not secure either.
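One way for a file-viewer page such as showfile.aspx to confine the File parameter to its own site directory, as an added example that is not code from the original article; FileViewGuard, ResolveInsideRoot and the site_a/site_b paths are assumed names and constructed inputs. A check like this only protects pages the site owner wrote; it does not stop a tenant who uploads their own showfile.aspx, which is the case the article demonstrates.

```csharp
using System;
using System.IO;

public static class FileViewGuard
{
    // Returns the canonical path of `requested` if it stays under `siteRoot`,
    // or null if it is empty, malformed, or resolves outside the root.
    public static string ResolveInsideRoot(string siteRoot, string requested)
    {
        if (string.IsNullOrEmpty(requested)) return null;

        // Canonical root with exactly one trailing separator, so that
        // "site_a" does not also match a sibling such as "site_a_backup".
        string root = Path.GetFullPath(siteRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        string full;
        try
        {
            // GetFullPath collapses ".." segments; an absolute `requested`
            // replaces the root in Combine and is rejected by the check below.
            full = Path.GetFullPath(Path.Combine(root, requested));
        }
        catch (ArgumentException) { return null; }
        catch (NotSupportedException) { return null; }
        catch (PathTooLongException) { return null; }

        // Case-insensitive compare, matching Windows file-system behaviour.
        return full.StartsWith(root, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    public static void Main()
    {
        // Constructed sample data: a tenant root and three values of ?File=
        string root = Path.Combine(Path.GetTempPath(), "site_a");
        string sep = Path.DirectorySeparatorChar.ToString();
        string[] requests = {
            "default.aspx",
            ".." + sep + "site_b" + sep + "web.config",
            Path.Combine(Path.GetTempPath(), "site_a_backup", "web.config")
        };
        foreach (string r in requests)
        {
            string resolved = ResolveInsideRoot(root, r);
            Console.WriteLine("{0} -> {1}", r, resolved ?? "rejected");
        }
    }
}
```

In Page_Load, pass Server.MapPath("~/") as siteRoot, and wrap the file name and file content in HttpUtility.HtmlEncode before assigning them to FileDetail.Text.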
This section has described the hidden risks of ASP.NET virtual hosts when displaying files, which should help you understand the hidden risks of ASP.NET virtual hosts in general.
- Major security risks of ASP.NET virtual hosts
- Analysis of file system operation risks of ASP.NET virtual hosts
- Analysis of hidden risks of ASP.NET virtual hosts when creating data sources
- Analysis of hidden risks of ASP.NET virtual hosts in file directory management
- Analysis of hidden risks of ASP.NET virtual hosts when deleting file directories