0x01 ASP introduction:
ASP is a server-side scripting environment that can be used to create and run dynamic Web pages or Web applications. ASP Web pages can contain HTML tags, common text, script commands, and COM components. Using ASP, you can add interactive content (such as online forms) to a webpage, or create a web application that uses an HTML webpage as the user interface.
0x02 ASP vulnerability introduction:
1. Database Path Leak
Overview: Database path leakage mainly affects websites built on ASP + Access. When an attacker submits %5c, IIS hits a parsing error and outputs the real database path. %5c is the hexadecimal (URL-encoded) form of \, that is, another representation of the same character.
Vulnerability principle: When data is submitted, IE automatically converts %5c to / so that the same address is obtained. ASP websites use a database connection file, named conn.asp.
Vulnerability code: Here I use the dynamic article system as an example. The code is as follows:
<%
Dim conn
Dim connstr
Dim db
db = "database/adsfkldfogowerjnokfdslwejhdfsjhk.mdb" ' location of the database file
Set conn = Server.CreateObject("ADODB.Connection")
connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
conn.Open connstr
%>
Vulnerability exploits: When http://www.aspmps.com/cn%5cconn.asp is accessed, IIS reports an error and outputs the absolute database path to the client, as shown in
Once the database path is leaked, attackers can download the database to a local computer and find the background administrator account and password in its tables, which gives them easy access to the website's background management. This vulnerability only applies to Access databases and does not affect SQL Server databases. Database exposure in the dynamic article system has been a problem for a long time. Last year, 360 released an announcement about it, and multiple media outlets reposted the link: http://tech.163.com/digi/12/0312/15/7sdhi0lj00163he0.html.
Vulnerability repair: There are two methods to fix this vulnerability. The first method is to add On Error Resume Next before the conn.Open connstr line. The second method is to select "Send the following text error message to the client" in the IIS server configuration options. Example 2
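The first repair method, written out as an added example (not code from the original article or from the dynamic article system). On Error Resume Next on its own lets the page keep running with an unopened connection, so this variant also checks Err and stops with a generic message. The file name database/example.mdb and the message text are constructed placeholders.

```asp
<%
' conn.asp, hardened variant of the connection file shown above (added example).
Dim conn
Dim connstr
Dim db
db = "database/example.mdb"   ' constructed placeholder, not the real file name

' Suppress the default error page; that page is what carries the database path.
On Error Resume Next

Set conn = Server.CreateObject("ADODB.Connection")
connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
conn.Open connstr

If Err.Number <> 0 Then
    ' Never write Err.Description to the response: the error text is
    ' where the absolute path of the .mdb file appears.
    Err.Clear
    Set conn = Nothing
    Response.Status = "500 Internal Server Error"
    Response.Write "Database connection error."   ' generic text only
    Response.End                                  ' stop; do not run later queries
End If

' Restore normal error handling so later bugs in the page are not silently hidden.
On Error GoTo 0
%>
```

Keeping the error handling scoped to the connection step means only this one failure is masked; the IIS custom error text from the second method still covers errors raised elsewhere.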