20. Use of Activer Server Explorer to read and write files
Vulnerability Description:
Chinaasp's Activer Server Explorer makes it easy to work with a server's local files online: it can browse a directory on the server and show each file's name, size, type and modification time; edit plain-text files such as .txt, .htm, .asp, .pl and .cgi online; and directly execute files on the server.
Activer Server Explorer requires a relative or absolute path to be filled in. If an attacker uploads Activer Server Explorer to a directory on the target server, and that directory supports ASP, he can use it to modify and execute files. This can happen when the attacker owns an account with a writable directory on the target NT server and the directory supports ASP, for example on free personal home page servers that support ASP. The attacker first uploads Activer Server Explorer to the free home page space he has applied for, and then obtains the path on the target server by one of various methods (such as the vulnerability "Requesting a non-existent file with an .idq or .ida extension exposes the physical path of the file on the server"), or simply fills in the relative path ".", which is generally the default. This allows the attacker to arbitrarily modify and execute files on the target server, regardless of whether or not he has read or write access to those files.
Therefore, anyone running a server that offers personal home pages with ASP support, or similar services, should be doubly careful of this attack.
Vulnerability resolution:
In fact, Activer Server Explorer relies on vulnerability 4, in which the FileSystemObject component can be used to tamper with or download any file on a FAT partition.
So how can we restrict users from using the FileSystemObject object? An extreme approach is to completely unregister the component that provides the FileSystemObject object, which is Scrrun.dll. The specific method is as follows:
At the MS-DOS prompt, type:
regsvr32 /u C:\windows\system\scrrun.dll
(Note: replace this with the actual path on your own system.)
After this, however, you cannot use the FileSystemObject object yourself either, and FileSystemObject is sometimes very convenient for managing files. Is there a way to get the best of both worlds?
We can prevent others from illegally using the FileSystemObject object while still being able to use it ourselves.
The method is as follows:
Find the following key in the registry:
HKEY_CLASSES_ROOT\Scripting.FileSystemObject
Rename it to a string of your choice (right-click -> "Rename"), for example:
HKEY_CLASSES_ROOT\Scripting.FileSystemObject2
After this change, ASP code must refer to the object as follows:
Set fso = CreateObject("Scripting.FileSystemObject2")
and can no longer use:
Set fso = CreateObject("Scripting.FileSystemObject")
Calling the FileSystemObject object in the usual way will no longer work.
As long as you do not tell anyone the changed object name, other people are unable to use the FileSystemObject object. In this way, as site managers, we have stopped other people from illegally using the FileSystemObject object, while we can still use it ourselves for online Web site management and similar functions!
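An added example, not part of the original article or of Chinaasp's code: once the ProgID is renamed, the site manager needs to know which ASP pages still ask for the default name (they will now fail, and in a user-writable directory they deserve a closer look) and which pages use the renamed name (anywhere outside the manager's own scripts, that means the name is no longer secret). The names scan_asp and classify, the sample page and the renamed ProgID are assumptions made for this example, and the sample is constructed.

```python
import re

DEFAULT_PROGID = "scripting.filesystemobject"

# CreateObject("..."), Server.CreateObject("...") and JScript's
# new ActiveXObject("..."); tolerates the space before "(" used in the article.
CALL_RE = re.compile(
    r'\b(?:Server\s*\.\s*)?(?:CreateObject|ActiveXObject)\s*\(\s*["\']([^"\']+)["\']',
    re.IGNORECASE,
)
# <object runat="server" progid="..."> declarations.
OBJECT_RE = re.compile(r'<object\b[^>]*\bprogid\s*=\s*["\']?([\w.]+)', re.IGNORECASE)

# Constructed sample page (not from the article).
SAMPLE = '''<%@ Language=VBScript %>
<%
' Set fso = CreateObject("Scripting.FileSystemObject")
Set fso = CreateObject ("Scripting.filesystemobject2")
Set old = Server.CreateObject("scripting.FILESYSTEMOBJECT")
Set d = CreateObject("Scripting.Dictionary")
%>
<object runat="server" id="f" progid="Scripting.FileSystemObject"></object>
'''

def classify(progid, renamed_progid):
    """ProgIDs are case-insensitive, so compare lower-cased."""
    p = progid.lower()
    if p == renamed_progid.lower():
        return "renamed"   # works after the change; the name must stay secret
    if p == DEFAULT_PROGID:
        return "default"   # fails after the change
    return None            # some other component, not of interest here

def scan_asp(source, renamed_progid):
    """Return (line_no, progid, kind) for each FileSystemObject instantiation."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("'"):   # whole-line VBScript comment
            continue
        for m in list(CALL_RE.finditer(line)) + list(OBJECT_RE.finditer(line)):
            kind = classify(m.group(1), renamed_progid)
            if kind:
                hits.append((no, m.group(1), kind))
    return hits

if __name__ == "__main__":
    for hit in scan_asp(SAMPLE, "Scripting.FileSystemObject2"):
        print(hit)
```

Run it over every .asp file under the Web root, passing the renamed ProgID actually chosen, and review "default" hits in user directories and any "renamed" hit in a file the site manager did not write.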