
Friday, 11 November 2011

Web server intrusion through ASP

This article classifies ASP/IIS security problems and their countermeasures. The author does not advocate using the methods described here to cause any damage; anyone who does so bears the consequences themselves.

Intruding into a web server through ASP, stealing files and destroying the system: this is by no means alarmist talk...

IIS security issues
1. IIS3/PWS vulnerability
I have tested this: when an ASP program runs on Win95 + PWS, simply adding one extra dot in the browser address bar causes the ASP program to be downloaded. I have heard that IIS3 has the same problem, but I could not reproduce it.


2. IIS4 vulnerability
A widely known IIS4 vulnerability is ::$DATA: when these characters are appended to the URL of an ASP page, the code can also be seen, and IE's View Source shows the ASP code. Win98 + PWS4 does not have this problem.

There are several fixes. The first is to set the directory to non-readable (ASP can still execute); HTML files then cannot be placed in this directory, because they could not be browsed. The second is to install the patch provided by Microsoft. The third is to install, in order, SP3 + IE4.01 SP1 + Option Pack + SP4 on the server.

3. Problems facing free home pages that support ASP

Your ASP code may be obtained by others.
The ASP 1.0 samples include a file for viewing ASP source code, /ASPSamp/Samples/code.asp
If someone uploads this program, they can view other people's programs.
For example: code.asp?source=/someone/aaa.asp

The Access database you use may be downloaded.
Since the ASP program can be obtained, others can easily find out where your database is stored and download it. If the passwords in the database are not encrypted, that ... is very dangerous.

The webmaster should take certain measures: strictly prohibit programs like code.asp (this seems hard to do, but one can periodically search for signature code) and restrict downloading of mdb files (I do not know whether this works).
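A complementary log check, added here and not part of the original article: a Python scan of web server log lines for the request patterns described in sections 1 to 3 (a trailing dot, ::$DATA, code.asp?source= and direct .mdb downloads). The field order, rule names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request patterns described in sections 1 to 3 of this article.
PATH_RULES = [
    ("alt-data-stream", re.compile(r"::\$data$", re.I)),  # page.asp::$DATA
    ("trailing-dot", re.compile(r"\.asp\.+$", re.I)),     # page.asp.
    ("mdb-download", re.compile(r"\.mdb$", re.I)),        # direct database fetch
]
SOURCE_VIEWER = re.compile(r"(?:^|&)source=[^&]*\.asp", re.I)  # code.asp?source=...


def fully_unquote(text, rounds=3):
    """Percent-decode a few times so %2e or %253a cannot hide a suffix."""
    for _ in range(rounds):
        text = unquote(text)
    return text


def classify(stem, query="-"):
    """Return the names of the rules matched by one request."""
    hits = [name for name, rx in PATH_RULES if rx.search(fully_unquote(stem))]
    if SOURCE_VIEWER.search(fully_unquote(query)):
        hits.append("source-viewer")
    return hits


def scan(lines):
    """Return (client, stem, hits) for each suspicious log line."""
    found = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        hits = classify(fields[4], fields[5])
        if hits:
            found.append((fields[2], fields[4], hits))
    return found


# Constructed sample lines in the assumed field order (not from a real server).
SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
1999-03-01 10:00:01 192.0.2.10 GET /shop/default.asp - 200
1999-03-01 10:00:05 192.0.2.77 GET /shop/login.asp::$DATA - 200
1999-03-01 10:00:09 192.0.2.77 GET /shop/login.asp%2e - 200
1999-03-01 10:00:12 192.0.2.77 GET /ASPSamp/Samples/code.asp source=/someone/aaa.asp 200
1999-03-01 10:00:20 192.0.2.77 GET /data/users.mdb - 200
""".splitlines()
```

Calling scan(SAMPLE) returns one entry per flagged request; a 200 status on any of them means the server actually returned the content and the fixes listed in section 2 are still missing.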

4. The threat from FileSystemObject

In IIS4, ASP file operations can be performed through FileSystemObject, including reading and writing text files, directory operations, and copying, renaming and deleting files, but this component is also very dangerous. With FileSystemObject, any file on a FAT partition can be tampered with or downloaded; even on NTFS, if permissions are not set properly, the same damage can be done. Unfortunately, many webmasters only know how to get the web server running and rarely set NTFS permissions.


For example, on a web server that provides virtual hosting, if permissions are not set properly, a user can easily tamper with or delete any file on the machine, and can even crash NT.

For a program, see Active Server Explorer at http://www.chinaasp.com/; it can browse all files and directories of an undefended web server.

The webmaster should place the web directory on an NTFS partition. Non-web directories should not grant Everyone Full Control; only Administrator should have Full Control.

Warning: no one may use this program to attack other people's sites!
