Three methods to disable the FileSystemObject component

As we all know, the powerful and destructive feature of the FileSystemObject component is that it is often used as a free homepage.

I sorted out the reasons for disabling the service provider (which supports ASP). I found only two methods.

When someone is excited, it is hard to think of the third unknown method.

First, use RegSrv32/u C: \ WINDOWS \ SYSTEM \ scrrun. dll (win98 path) to log out of the group.

. This method is too cool and belongs to the same method, which is useless to everyone.

Type 2: Modify the value of Progid. The method for calling components in ASP is usually Set object name = Server.

CreateObject ("Progid"), then we can modify the Progid value in the registry from

To disable this component. In start-run, enter regedit and find HKEY_CLASSES_ROO.

T \ Scripting. FileSystemObject. Now we can change the value of this Progid, such

To Scripting. FileSystemObject8. The following code is called on the ASP page:

<% @ Language = Vbscript %>

<%

Set Fs = Server. CreateObject ("Scripting. FileSystemObject8 ")

%>

(If you have not called this component before, you do not need to restart it to see the effect. Otherwise, please re-

Check the effect after startup .)

At this time, let's look at the results of the original call method:

<% @ Language = Vbscript %>

<%

Set Fs = Server. CreateObject ("Scripting. FileSystemObject ")

%>

The running result is:

Server Object error 'asp 0177: 800401f3'

Server. CreateObject failed

/Aspimage/testfile2.asp, Row 3

800401f3

(OK to meet our requirements)

The method is delayed by two steps, and the result is answered by others, which greatly stimulates me.

The third method is generated.

Third: Careful experts will think that since the component can be disabled by modifying the Progid value, Clsid is

Can it be modified? (OK, you want to be the same as me) We know that except for the CreateObject method

You can also use the general <object> annotation to create a component. We can use HTM in ASP.

L <object> annotation to add a component to the webpage. The method is:

<Object runat = server id = fs1 scope = page progid = "Scripting. FileSystemObj

Ect "> </object>

Runat indicates that the task is executed on the server, and Scope indicates the life cycle of the component. You can select Session and Appl.

Ication or page (indicating the current page, or by default)

This method is useless to us. Another method is:

<Object runat = server id = fs1 scope = page classid = "clsid: clsid value"> </obj

Ect>

You can also disable this component by modifying the value of this Clsid. For example, you can disable HKEY_CLASSES_RO in the registry.

OT \ Scripting. FileSystemObject \ CLSID value 0D43FE01-F093-11CF-8940-00A0C90

54228 changed to 0D43FE01-F093-11CF-8940-00A0C9054229 (changed the last one ).

Written:

<Object runat = server id = fs1 scope = page classid = "clsid: 0D43FE01-F093-11

CF-8940-00A0C9054229 & gt; </object & gt;

Check the running result. No problem. OK. At this time, we use

<Object runat = server id = fs1 scope = page classid = "clsid: 0D43FE01-F093-11

CF-8940-00A0C9054228 & gt; </object & gt;

At this time, an error occurs.

Create a user: iusr_domain

Set the site's anonymous user IUSR_DOMAIN in IIS

CACLS: Set Directory Permissions

In this way, FSO is available, but it will not affect others.