Security issues in ASP files

What security issues may be in the ASP?

ASP has a simple, easy-to-use, multi-function, scalability and other powerful functions, but there are some problems. For example, if you use ASP, the security of the network can be greatly reduced! For an example, follow the steps below:

(1) Download this file from the Http://home.gbsource.net/xuankong/dll.zip, unzip and then copy the Test.dll file to C:\Windows\System (if you are using NT, Please copy to the corresponding directory);

(2) Next Open "Start/Run" menu to enter "regsvr32 test.dll" command;

(3) Copy the unpacked package of the index.asp to your server directory (if you are using PWS debugging can be copied to the "C:\inetpub\wwwroot", NT please copy to the corresponding directory);

(4) Change a machine to use IE to browse index.asp file to see (you see the error code, but in fact, the program has already run), you return to your machine to look at the c:\ below is not more than a file? A file named Xuankong.dat (in fact, if I want to, your C:\autoexec.bat file page can be opened by me and written in some like "format c:/q/u" and other commands, so the next time you restart, the results will be self-evident).

How is the security issue with ASP pages generated?

Let's take a look at what's going on, the DLL files you just copied are actually a main piece I developed using Visul Basic5, which is generated by the following steps:

(1) Open VB5 a new "ActiveX.dll" file, bar The following code input:

Private Declare Function ExitWindowsEx Lib "user32"_(ByVal uFlags As Long,ByVal dwReserved As Long)_As LongSub Xuankong ( ) "请不要加上"private"a$ = InputBox ("请输入你的姓名，如果你输入的是"xuankong""+Chr(13)+Chr(10)+"则会在你的系统中生成一个"xuankong"文件"+Chr(10)+Chr(13)+"否则你的机器可能会重起","请输入","xuankong")If a$ = "xuankong" ThenOpen "c:\xuankong.dat" For Append As #Write#1,"我的朋友，这是一个asp主件测试程序"#Write#1,"hello world!this is a test"#Write#1,"如果你看到这个文件测试就成功！"elseExitWindowsEx&H43,0使用API函数重新启动机器End ifClose #1End sub

(2) Change the project name to a DLL, the class module to test, and then the project to generate DLL files to the C:\Windows\System directory.

(3) Create a new index.asp file to enter the following code:

(4) Copy index.asp to your server, and follow the above method to debug!

Summarize:

The above is the ASP main part of the security issue! In addition, if some authors write ASP main pieces of the time inadvertently leave the system bug! That's even more difficult to find! may also bring unexpected problems.