Security problems in ASP main parts

Security | issues

Microsoft introduced ASP to simple, easy to use, multi-function, scalability and other powerful features of netizens and most of the favor of network management, a complete replacement for the trend of CGI, but there are some problems here, if using ASP, your network security also greatly reduced! For an example, follow the steps below:

1, download this file Http://home.gbsource.net/xuankong/dll.zip, decompression after the Test.dll file copy to C:\Windows\System (if you are using NT, Please copy to the corresponding directory);

2, Next Open "Start/Run" menu to enter "Regsvr32test.dll" command;

3, copy uncompressed package of the index.asp to your server directory (if you are using PWS debugging can be copied to the "C:\inetpub\wwwroot", NT please copy to the corresponding directory);

4, change a machine with IE browse index.asp file to see (you see is the error code, but in fact, the program has been running), you return to your machine to see if the c:\ below is not a more than a file? A file named Xuankong.dat (in fact, if I want to, your C:\autoexec.bat file page can be I open and write some like "format c:/q/u" and other commands, then when you restart the next time, hey. ）。

Let's take a look at what's going on, the DLL files you just copied are actually one of the main pieces I developed using Visul Basic5:
1, open VB5 new "ActiveX.dll" file, bar The following code input:
Private Declare Function exitwindowsex Lib "User32" _
(ByVal uflags as Long,byval dwreserved as Long) _
As Long
Sub Xuankong () "Please don't add private."
A$=inputbox ("Please enter your name if you entered" Xuankong "" +CHR "+CHR (10) +
"You will generate a" Xuankong "file in your system +CHR +CHR (13) +
"Otherwise your machine may be reset", "Please input", "Xuankong")
If a$= "Xuankong" Then
Open "C:\xuankong.dat" for Append as #Write #, "My friend, this is an ASP Master test program"
#Write #, "Hello World!this is a test"
#Write, "If you see this file test will succeed!" "
Else
exitwindowsex&h43,0 use API function to reboot machine
End If
Close #1
End Sub
2, change the project name to a DLL, change the class module to test, and then generate the DLL file into the C:\Windows\System directory below the project.
3, create a new index.asp file to enter in the following code:
$#@60;html$#@62;$#@60;head$#@62;$#@60;title$#@62; This is a test $#@60;/title$#@62;$#@60;/head$#@62 about ASP main parts;
$#@60;body$#@62;
$#@60;% set Rs=server.createobject ("Dll.test")%$#@62;
$#@60;% set Rs1=rs.xuankong Rs1.execute%$#@62;
$#@60;/body$#@62;
$#@60;/html$#@62;
4, copy index.asp to your server, and follow the above method to debug!

The above is the ASP main part of the security issue! In addition, if some authors write ASP main pieces of the time inadvertently leave the system bug! That's even more difficult to find!