Security risks of ASP. NET-File Operations

. Net file operations pose a huge security risk. After writing a few files to the VM, you can not only view the files on the VM, but also delete a series of file operations.
Drive directory

Getit. aspx. CS

String [] Drivers = Directory. getlogicaldrives ();
Int Numofdriver = Drivers. length;
For ( Int I = 0 ; I < Numofdriver; I ++ )
{
Response. Write ( " <A href = listdir. aspx? Dir = "   + Server. urlencode (drivers [I]) +   " > "   + Drivers [I] +   " </A> <br> " );
}

Listdir. aspx. Cs get the file

String Strdir = Request. querystring. Get ( " Dir " );
Try
{
Directoryinfo thedir = New Directoryinfo (strdir );
Response. Write (strdir +   " Creation Time: "   + Thedir. creationtime. tostring () +   " <Br> " );
// Obtain sub-Directories
Directoryinfo [] subdir = Thedir. getdirectories ();
Response. Write ( " Folder " );
For ( Int I = 0 ; I < Subdir. length; I ++ )
{
Response. Write ( " <Br> <a href = listdir. aspx? Dir = "   + Server. urlencode (subdir [I]. fullname) +   " > "   + Subdir [I]. fullname +   " </A> " );
}
Response. Write ( " <Br> " );
// Get File
Response. Write ( " File " );
Fileinfo [] thefiles = Thedir. getfiles ();
For ( Int I = 0 ; I < Thefiles. length; I ++ )
{
Response. Write ( " <Br> <a href = showfile. aspx? File = "   + Server. urlencode (thefiles [I]. fullname) +   " > "   + Thefiles [I]. fullname +   " </A> " );
Response. Write ( " & Nbsp; <a href = delfile. aspx? File = "   + Server. urlencode (thefiles [I]. fullname) +   " > Delete </a> " );
}
}
Catch (Exception ex)
{
Response. Write (ex. tostring ());
}

Showfile. aspx. CS Read File Information

String Strfile = Request. querystring. Get ( " File " );
Fileinfo File = New Fileinfo (strfile );
Response. Write ( " <Br> " );
Response. Write ( " <Br> Name: "   + File. Name );
Response. Write ( " <Br> path: "   + File. fullname );
Response. Write ( " <Br> current directory: "   + File. Directory );
Response. Write ( " <Br> Creation Time: "   + File. creationtime. tostring ());
Response. Write ( " <Br> size: "   + File. length. tostring () +   " Bytes " );
Response. Write ( " <Br> last access time: "   + File. lastaccesstime. tostring ());
Response. Write ( " <Br> last modification time: "   + File. lastwritetime. tostring ());
Response. Write ( " <Br> " );
Response. Write ( " Open with text (read a certain number of characters) "   +   " <Br> " );

Streamreader = File. opentext ();
Char [] Buffer = New   Char [ 255 ];
Int Nread = Reader. readblock (buffer, 0 , 255 );
Response. Write ( " <PRE> " );
Response. Write (server. htmlencode ( New String (buffer, 0 , Nread )));
Response. Write ( " </PRE> " );