What are the possible security issues in ASP?
ASP has powerful functions such as simplicity, ease of use, multi-function, and scalability, but it also has some problems. For example, if you use ASP, the security of the network may be greatly reduced! Here is an example for you, please follow the steps below:
(1) Download this file from http://home.gbsource.net/xuankong/dll.zip, decompress it and copy the test.dll file to c:/windows/system (if you are using NT, Please copy to the corresponding directory);
(2) Next open the Start/Run menu and enter the regsvr32 test.dll command;
(3) Copy the index.asp in the decompressed file package to your server directory (if you are using PWS debugging, you can copy it to c:/inetpub/wwwroot, NT please copy it to the corresponding directory);
(4) Change a machine and use IE to browse the index.asp file and take a look (what you see is an error code, but in fact the program is already running), then return to your machine and take a look at c:/ to see if it is below One more file? A file named xuankong.dat (In fact, if I want, your c:/autoexec.bat file page can be opened by me and I can write some commands like format c:/q/u, etc., then wait until you restart next time , the results are self-evident).
How does the security problem of ASP pages arise?
Let's take a look at what's going on. The dll files you just copied are actually a main component I developed using Visul Basic5. This file was generated through the following steps:
(1) Open VB5 to create a new ActiveX.dll file and enter the following code:
Private Declare Function ExitWindowsEx Lib user32_(ByVal uFlags As Long,ByVal dwReserved As Long)_As LongSub Xuankong ( ) Please do not add privatea$ = InputBox (Please enter your name. If you enter xuankong+Chr(13)+Chr(10)+, a xuankong file+Chr(10)+Chr(13)+ will be generated in your system. Otherwise, your machine It may restart, please enter,xuankong)If a$ = xuankong ThenOpen c:/xuankong.dat For Append As #Write#1, my friend, this is an asp main component test program #Write#1, hello world! this is a test#Write#1, if you see this file, the test will be successful! elseExitWindowsEx&H43,0Use API function to restart the machineEnd ifClose #1End sub
(2) Change the project name to dll and the class module to test, then generate the dll file from this project to the c:/windows/system directory.
(3) Create a new index.asp file and enter the following code:
<html> </html>
(4) Copy index.asp to your server and debug according to the above method!
Summarize:
What is mentioned above is the security issue of ASP mainware! In addition, if some authors write ASP main content again,