Home > Developer > .Net Core

Analysis of hidden risks of ASP. NET virtual hosts in displaying files

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The hidden danger of ASP. net vm when displaying files. First, let's look at the instance and show the program showfile. aspx whose file attributes and content are displayed.

The following two main classes are used to display attributes and content:

System. IO. FileInfo: Provides instance methods for creating, copying, deleting, moving, and opening files, and helps create FileStream objects.

System. IO. StreamReader: implements a TextReader to read characters from the byte stream with a specific encoding. StreamReader is encoded as a UTF-8 by default, unless otherwise specified, rather than the ANSI code page of the current system. The UTF-8 can properly process Unicode characters and provide consistent results on the localized version of the operating system.

The main code of ASP. net vm on the Showfile. aspx page of the display file is as follows:

 
 
    
  
  
  1. ﹤asp:Label id="FileDetail" runat="server"/﹥  
    2.

We only display the property information and part of the file on this Label. So there is no other complicated code.

The main code for getting File Information and content is in the code of the Page_Load method in the showfile. aspx. cs file ):

 
 
    
  
  
  1. // Receives input parameters and determines the name of the file to be operated. 
    2. 
  
  
  2. StrFile2Show = Request. QueryString ["File"];
    3. 
  
  
  3. // Instantiate a FileInfo object based on the object name 
    4. 
  
  
  4. FileInfo fi =NewFileInfo (strFile2Show );
    5. 
  
  
  5. FileDetail. Text ="File name :";
    6. 
  
  
  6. FileDetail. Text + = strFile2Show +"<Br>";
    7. 
  
  
  7. FileDetail. Text + ="File size";
    8. 
  
  
  8. // Obtain the file size, and then convert the unit to KB. 
    9. 
  
  
  9. FileDetail. Text + = (fi. Length/1024). ToString () +"K <br>";
    10. 
  
  
  10. FileDetail. Text + ="File Creation Time :";
    11. 
  
  
  11. // Obtain the file creation date 
    12. 
  
  
  12. FileDetail. Text + = fi. CreationTime. ToString ();
    13. 
  
  
  13. FileDetail. Text + ="Last access time :";
    14. 
  
  
  14. // Obtain the last object access date 
    15. 
  
  
  15. FileDetail. Text + = fi. LastAccessTime. ToString () +"<Br>";
    16. 
  
  
  16. FileDetail. Text + ="Last write time :";
    17. 
  
  
  17. // Obtain the last write date of the file 
    18. 
  
  
  18. FileDetail. Text + = fi. LastWriteTime. ToString () +"<Br>";
    19. 
  
  
  19. // Instantiate a StreamReader object to read the content of this FileInfo 
    20. 
  
  
  20. StreamReader FileReader = fi. OpenText ();
    21. 
  
  
  21. // Define an array of 1000 characters as a buffer 
    22. 
  
  
  22. Char[] TheBuffer =New Char[1000];
    23. 
  
  
  23. /* ReadBlock method: Read the maximum number of characters from the current stream and write the data into the buffer zone from the index. 
    24. 
  
  
  24.  
    25. 
  
  
  25. Parameters: 
    26. 
  
  
  26.  
    27. 
  
  
  27. Char [] buffer: when the method returns, it contains the specified character array 
    28. 
  
  
  28.  
    29. 
  
  
  29. Int index: the position in the buffer where data is written. 
    30. 
  
  
  30.  
    31. 
  
  
  31. Int count: Maximum number of characters read 
    32. 
  
  
  32.  
    33. 
  
  
  33. */ 
    34. 
  
  
  34. IntNRead = FileReader. ReadBlock (theBuffer, 0,1000 );
    35. 
  
  
  35.  
    36. 
  
  
  36. FileDetail. Text + =NewString (theBuffer, 0, nRead );
    37. 
  
  
  37.  
    38. 
  
  
  38. // Close StreamReader and release all associated system resources 
    39. 
  
  
  39.  
    40. 
  
  
  40. FileReader. Close ();
    41.

So far, we have implemented a simple web page server disk management application that allows you to view and delete directories and files. If you need to modify files, create files, and folders, you only need to make some modifications and add the corresponding code. Because we only use this program to demonstrate the security risks in the server, we will not implement these functions here.

Through these three simple programs, I think you can clearly understand ASP.. NET virtual host security risks and vulnerabilities are harmful. If we do not prevent them, other users' programs can be viewed and deleted by users who maliciously use this function, server System logs and system files are not secure.

This section describes the hidden risks of ASP. NET Virtual Hosts when displaying files. It also helps you understand the hidden risks of ASP. NET virtual hosts.

  1. Major security risks of ASP. NET Virtual Hosts
  2. Analysis of file system operation risks of ASP. NET Virtual Hosts
  3. Analysis of hidden risks of ASP. NET virtual hosts when creating data sources
  4. Analysis of hidden risks of ASP. NET virtual hosts in file directory management
  5. Analysis of hidden risks of ASP. NET Virtual Hosts When deleting file directories

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
definition of session in asp net full form of soap in asp net features of asp net meaning of asp net purpose of asp net main features of asp net what is virtual directory in asp net
Related Article
asp.net Core Data protection (the data Protection cluster sce...
asp.net core-authorize characteristics
Micro-service Monitoring zipkin+asp.net core
ASP. net mvc creates 404 jump instances (not 302 and 200), mv...
Comparison between Orchard and ABP architectures (aspnetboile...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More