ASP Vulnerability Analysis and resolution (9)

Source: Internet
Author: User
Tags relative
20, using Activer Server Explorer can read and write access to the file
Vulnerability Description:
Chinaasp's Activer Server Explorer makes it easy to view local files online View the directory on the server online to see the file name, size, class
Type, modify time, online edit plain text files, such as. txt,. htm,. asp,. PL,. CGI, and so on, directly execute the files on the server.
Activer Server Explorer requires a relative or absolute path to be filled in, but if: there is an attacker who uploads Activer Server Explorer to
A directory on the target server, and the directory supports ASP, then he can modify and execute the Activer Server Explorer
File. This can happen when an attacker owns a writable directory account on the target NT Server, and the directory supports ASP. For example, some support ASP
People free Home Server, the Activer Server Explorer first to pass on your application of the free homepage space, and then through a variety of methods to get the path of the target server (such as
Vulnerability: "Requesting a non-existent extension of IDQ or Ida files exposes the physical address of the file on the server." Or simply fill in the relative path with ".", generally
is the default. This allows an attacker to arbitrarily modify and execute files on the target server, regardless of whether or not he has read or write access to the file.
Therefore, those who provide a personal homepage of ASP services or other services of the server, you should be doubly careful of this attack.
Vulnerability resolution
In fact, Activer Server Explorer uses the vulnerability 4 FileSystemObject component to tamper with the download of any file on a FAT partition.
Loopholes.
So how can we restrict users from using FileSystemObject objects? An extreme approach is to completely reverse the registration of the FileSystemObject object.
Component, which is Scrrun.dll. The specific methods are as follows:
Under MS-DOS status, type:
Regsvr32/u C:windowssystemscrrun.dll
(Note: To change your local actual path when you actually do it)
But in this case, you can not use the FileSystemObject object, and sometimes use the FileSystemObject object to manage the file is very convenient, there is any way to
What's the most of both worlds?
We can prevent others from illegally using FileSystemObject objects, but we can still use this object ourselves.
The method is as follows:
Find in the registry
Hkey_classes_rootscripting.filesystemobject Key value
Change it to the string you want (right---> "rename"), such as changing to
Hkey_classes_rootscripting.filesystemobject2
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.