Whether you believe it or not, through the ASP, it is possible to easily invade the Web server, steal files on the server, capture
Web
Database systems such as user passwords, and even malicious delete files on the server until the system is damaged, these are not sensational, and indeed have happened, this article will reveal to you one by one of these
The vulnerabilities existing in ASP, and put forward some precautionary opinions.
In the previous article to everyone focused on the "ADO
How to page pagination when accessing the database "I have a friend who wrote me that I ignored the total number of pages when I counted them.
An important parameter of the Recordset object "PageCount", which can be given to Pagesize
When you assign a value, you automatically get the total number of pages, without the cumbersome formula "INT (rs.recordcount/pgsz*-1) *-1". I would like to thank this friend for his enthusiasm for pointing out the deficiencies in the program because I wrote it a long time ago, because the total number of records in the paging display does not necessarily divide the number of pages displayed, and I am not sure
PageCount
Whether the number of pages can be correctly, so lazy to write this formula: And, frankly, I have not tried to use
PageCount, interested friends must try oh, but do not learn my laziness.
Recently, when I was discussing a problem on the BBS of chinaasp, I found many friends for ASP
Some of the security issues are not well understood, and even do not know how to solve the most common asp:: $DATA
Display the source code problem, so I think it is very necessary to give a lot of friends here to talk about this issue, in obtaining
With the chinaasp Bird's consent, I would have written him a little about ASP
Introduction to the vulnerability and some of my own practical experience to give you a detailed analysis of this for
Webmaster is critical for ASP security issues.
When last year:: $DATA
The loophole was discovered and announced the next day, and I had tested most of the domestic use
Asp
Site, where 99% of the above can see the source code problems, the same day I even in Microsoft's site grabbed
Search.asp
The source code for this file. You may feel that seeing the source code is nothing serious if as
Webmaster, you are wrong to think so. For example, if the ASP
The programmer writes the site's login password directly to the ASP
, then once the source code is found, others can easily enter the page should not be seen, I have used this method for free to become a toll site members (people do not expose me Oh!) , and many database connection user names and passwords are also written directly in the
Asp
, once discovered, if your database allows remote access and is not fortified, it is quite dangerous. In some use
ASP development of the BBS program, often using an Access MDB library, if the MDB
The path of inventory is known, the database is very likely to be downloaded by others, and if the database contains the password is not encrypted, it is very dangerous, the person who obtains the password if intentional malicious destruction, he only need to
Admin Identity Login Delete all BBS
In the post, it is enough to choke you. The following is a list of some of the vulnerabilities that have been identified, and I hope we can be more vigilant. After the experiment we found that
WIN95+PWS running ASP program, simply in the browser address bar ASP
Add a small dot after the file name ASP program will be downloaded. IIS3
There is also the same problem, if you are still using IIS3 must be tested.
A widely known loophole in Iis2, Iis3, and IIS4 is: $DATA, using it
IE's view source or Netscape directly accessing the ASP file makes it easy to see ASP
Code. Win98+pws4 There is no such loophole.
What is the cause of this terrible loophole? The root cause is actually
Windows NT-specific file systems are doing strange things. People with a little common sense are aware that in NT
Provides a file system that is completely different from FAT: NTFS, a technology called a new technology file system that makes
Nt
Has a high security mechanism, but it is because it has produced a lot of headaches. You may not know,
Ntfs
Supports the majority stream contained in a file, and the main data stream that contains all the content is called "data", thus making direct access in the browser
Ntfs
This feature of the system and the easy capture of the script in the file becomes possible. The direct result however
:: $DATA due to the fact that IIS
There was a problem parsing the filename, and it did not properly standardize the file name.
How can we solve the problem? There are several ways:
A, the directory where the. asp file is stored is set to unreadable (ASP
can still execute), so that HTML, CSS
Files cannot be placed in this directory, otherwise they will not be browsed.
b, is the installation of Microsoft-provided patches, download the address below (note that for different systems have different patches):
The patch is for IIS3, Intel platform
Ftp.microsoft.com/bussys/iis/iis-public/fixes/cht/security/iis3-datafix/iis3fixi.exe
The patch is for IIS3, Intel platform
Ftp.microsoft.com/bussys/iis/iis-public/fixes/cht/security/iis3-datafix/iis3fixa.exe
The patch is for IIS4, the Alpha platform
Ftp.microsoft.com/bussys/iis/iis-public/fixes/cht/security/iis4-datafix/iis4fixi.exe
The patch is for IIS4, the Alpha platform
Ftp.microsoft.com/bussys/iis/iis-public/fixes/cht/security/iis4-datafix/iis4fixa.exe
C, is installed on the server IE4.01SP1, this is effective, the author I have not specifically tried.
D, the author's personal opinion, as far as possible to install the English version of NT, and do not use the Chinese version, the reasons for the author is not well, just according to practical experience in English version of
NT is less than the Chinese version of bugs, if any friend know the reason must tell me.
Three. Support ASP
The free home space and the problems of the server facing the Virtual host service
1, the ASP code on the server is likely to be someone else with ASP
Permission of the person illegally acquired.
For a very simple example, there is an ASP in the ASP1.0 routine provided by Microsoft.
The file is designed to view the source code for other. asp files, which is
Aspsamp/samples/code.asp. If someone uploads the program to the server and the server doesn't have any precautions, he can easily view other people's programs.
For example:
Code.asp?source=/directory/file.asp
2. Access MDB used
Database may be downloaded by people generally in the provision of ASP
The free homepage server for the privilege is not possible to provide a service to set up DSN, so the ASP
The database used by the program is usually limited to using the MDB library, and the MDB
The remote database is in the same location as the dsn-less we talked about in the 14th issue.
method is specified directly in the ASP, as follows
<%CONNSTR =
"Dbq=" +server.mappath ("Database/source.mdb") + ";D efaultdir=;D River={microsoft
Access Driver (*.mdb)};D riverid=25;fil=ms
Access;implicitcommitsync=yes; maxbuffersize=512; maxscanrows=8; pagetimeout=5;
safetransactions=0; threads=3; Usercommitsync=yes; " %>
As the previous article says, in this case the MDB
Libraries are likely to be downloaded by others, causing leaks such as passwords.
Therefore, as webmaster should take certain measures, strictly prohibited code.asp
Programs like this (seemingly difficult to do, but can be retrieved regularly), restricting the MDB
of downloads.
3. Threats from powerful FileSystemObject components
IIS3, IIS4 ASP file operations can be done through the FileSystemObject
Implementation, including read-write directory operations for text files
