ASP Vulnerability Analysis and Resolution (1)

Source: Internet
Author: User
Tags: access database
Some people say that the safest computer is one that is not connected to the outside world, and that a computer with every port closed and no services running is just as safe. Hackers often attack through ports that are left open; the most common of these attacks is DDoS (denial of service attacks). Below I list more than 20 ASP vulnerabilities, each with a problem description and a solution.
1. Appending a special symbol to the name of an ASP program reveals the ASP source code
Affected versions:
Win98 + PWS4 does not have this hole.
IIS 4.0 and above do not have this hole.
Problem Description:
These special symbols include a decimal point (.), %81, and ::$DATA. For example:
http://someurl/somepage.asp::$DATA
http://someurl/msadc/samples/selector/showcode.asp?source=/msadc/samples/../../../../../../boot.ini (shows the contents of the boot.ini file)
With IIS 3.0 or Win95 + PWS, the source of somepage.asp can then easily be read in the browser. What causes this serious hole?
The root of the problem lies in a peculiarity of the Windows NT file system. As most people know, NT provides a file system that is completely different from FAT: NTFS. This New Technology File System gives NT stronger security mechanisms, but it is also the source of many headaches. What may be less well known is that NTFS supports multiple data streams within a single file, and that the main data stream, which holds all of the file's content, is called "DATA". A browser can therefore easily retrieve the script in a file by addressing this NTFS feature directly. The direct cause of the ::$DATA problem, however, is that IIS mishandled the file name when parsing it and did not canonicalize it properly.
Solutions and Recommendations:
If you are a Windows NT user, install IIS 4.0 or IIS 5.0; Windows 2000 does not have this problem. If you are a Win95 user, install Win98 and PWS 4.0.
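A detection check for the request patterns described in item 1, written as an added example that is not part of the original article: it percent-decodes each request target before matching, then flags the ::$DATA stream suffix, a trailing dot or %81 after the .asp name, and ../ traversal. The sample requests, function names and rule labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample request targets, modelled on the URLs in item 1.
SAMPLE_REQUESTS = [
    "/somepage.asp",
    "/somepage.asp::$DATA",
    "/somepage.asp%3a%3a%24data",      # same suffix, percent-encoded
    "/somepage.asp.",
    "/somepage.asp%81",
    "/msadc/samples/selector/showcode.asp"
    "?source=/msadc/samples/../../../../../../boot.ini",
    "/news.asp?id=12",
]

# Rule labels are hypothetical names chosen for this example.
PATH_RULES = [
    ("ntfs-stream-suffix", re.compile(r"::\$data", re.I)),
    ("trailing-dot", re.compile(r"\.asp\.+$", re.I)),
    ("trailing-0x81", re.compile(r"\.asp\x81+$", re.I)),
]
TRAVERSAL = re.compile(r"(^|[=/\\])\.\.([/\\]|$)")

def decode(raw: str) -> str:
    """Percent-decode up to three times so double-encoded input is also seen."""
    for _ in range(3):
        once = unquote(raw, encoding="latin-1")
        if once == raw:
            break
        raw = once
    return raw

def classify(target: str) -> list:
    """Return the labels of every rule the request target matches."""
    path, _, query = target.partition("?")
    path, query = decode(path), decode(query)
    hits = [name for name, rx in PATH_RULES if rx.search(path)]
    if TRAVERSAL.search(path) or TRAVERSAL.search(query):
        hits.append("path-traversal")
    return hits

def scan(targets):
    """Map each flagged target to its rule labels; clean targets are omitted."""
    return {t: labels for t in targets if (labels := classify(t))}

if __name__ == "__main__":
    for target, labels in scan(SAMPLE_REQUESTS).items():
        print(", ".join(labels), "<-", target)
```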
2. Access MDB databases may be downloaded
Problem Description:
When you use Access as the back-end database, anyone who learns or guesses the path and file name of the server's Access database can download the database file, which is very dangerous. For example, if your Access database is Book.mdb under a virtual directory,