First, the major hidden dangers in the ASP.NET virtual host
I have applied for a free ASP.NET space at www.brinkster.com, uploading two programs, one of the programs to view directory and files prove my judgment: ASP shared space server exists, in ASP sharing The space server still exists and becomes more difficult to prevent! Through this program I can browse all users' ASP programs, you can view the system log of the server ..., of course, if I want to delete something, there will be no problem. In order to let everyone know more about this problem, we must briefly introduce this problem that already exists in the ASP.
Standard components commonly used in ASP: FILESYSTEMOBJECT, this component provides powerful file system access capabilities for ASP, read and write, delete, renamed any permissions on the server hard disk. The FSO object comes from the Script Runtuance Scrrun.dll provided by Microsoft.
Use the following code to create an FSO object in the ASP:
SET FSO = CreateObject ("scripting.filesystemObject")
We use the FSO objects that include, such as Drive, Drives, Folder, Floders, File, Files, etc., write, delete, etc., write, delete, etc. This powerful file system access capabilities bring serious security issues to the ASP shared space providers, and many ASP space administrators delete this component or rename this component to avoid users using this standard component. Deleting components or component renons are indeed a simple way and is also very effective, but the majority of users cannot use its powerful features. There is also a beautiful program that allows users to use the FileSystemObject component without affecting the security of the server, that is, set an independent server user and a single directory for each user. But this method is problematic. Because the problems in this regard in ASP and ASP.NET are very similar, we will add in accordance with the corresponding solutions of ASP.NET.
In ASP.NET we found this problem, it is more difficult to solve. This is because .NET's functionality about the system IO operation becomes more powerful, which makes this problem more seriously a new feature of ASP.NET, which requires the components that must be used as Regsvr32 like ASP. Register, you can use it directly to use the DLL class library file to the bin directory. This feature does have a great convenience to developing ASP.NET, but let us lose this DLL to delete or change the solution in ASP, and prevent this issue more complicated. Before discussing the solution, let's take a look at how to achieve the above hazardous features.
Second, the file system operation example
Before we write the code, it is necessary to understand the few main classes we need to use. These classes are under System.io Namespaces, and the System.io namespace contains classes that allow synchronization and asynchronous read and write on data streams and files.
At the beginning of the entire application, we need to understand the system information of the server, which requires the System.Environment class that provides information about the current environment and platforms and how they operate. We can get the current directory and system directory of the system via the System.Environment class, which makes us discover a few key directories faster; we can also help us understand the ASP.NET program by getting the username running the current process. Users used to further set user rights to avoid this security problem.
We also have to use the other classes of the SYSTEM.IO namespace:
System.io.directory: Provides classes for creating, moving, and enumerating static methods through directory and subdirectories
System.IO.FILE: Provides a class system.io.fileinfo for creating, copying, deleting, moving, and opening files: providing an instance method for creating, copying, deleting, moving, and opening files
System.io.StreamReader: Implement a TextReader to read characters from the byte stream in a specific code.
Specific use of the properties and methods of each of the classes we use. We will explain in the program in the way in the code annotation.
In the Mscorlib.dll provided by .NET Framework, you need to reference this DLL to this item before using VS.NET programming.
The programs we have written have used the codebehind mode, that is, each ASPX program has a corresponding ASPX.CS program, and the ASPX program is just written with the page display related code, all logical implementation code is placed in the corresponding ASPX. In the CS file, this can be more appropriate to display the separation of logic. Since our purpose is not to discuss CodeBehind technology, it will not be discussed.
In this article, we only introduce several major classes and their key methods, please check the included source code.
Program 1: Programs that display the current information of the server and the name of all logical drives listdrivers.aspx
Main Method 1: We use getSysInf () methods to get information about the current environment and platform of the server.
// Get system information method, this method is in the listdrivers.aspx.cs file public void getsysinf () {// Get operating system type QDrives = Environment.OSVERSION.TOSTRING (); // Get System Folder QSystemDir = Environment. SystemDirectory.toString (); / * Get the amount of physical memory mapped to the process, you can understand how much system physical memory is required at runtime, which helps better plan our entire application when running. Since the physical memory is based on byte, we divide this value at 1024, which can obtain physical memory of KB * / qmo = (Environment.workingSet / 1024) .tostring (); // Get the current The fully qualified path of the directory (ie, the directory started from the process) qcurdir = Environment.currentDirectory.tostring (); // Get the host's network domain name qDomname = Environment.UserDomainName.tostring (); // Get the milliseconds after the system is started QTICK = Environment.tickCount; // Calculate the number of minutes after the system is started QTICK / = 60000; // Get machine name qmachine = Environment.MachineName; // Get the username Quser = Environment.userName; / * Retrieve the name of the logical drive of "
System information does not need to operate, we simply use ASP: Label to show them. The number of logical drives is not unclear on different servers, so the name of the logical drive is saved in different servers, and the name of the logical drive is also the foundation of our next browsing directory and file, so we use the data grid DataGrid. Display and process it. Display and handle the DataGrid code of the logical drive name (code at the listdrivers.aspx file):
The first two BoundColumn is a display serial number and the actual logical drive name. It is necessary to explain that the third column is the file that needs to pass the selected logical drive to the display directory before entering each logical drive display directory and file. Go, so you need a special hyperlink row HyperLinkColumn, we set DataNaviGateURLField to the field where you want to bind to the hyperlink URL in HyperLinkColumn, that is, the logical drive name. Then when the DataNavigateURLFORMATSTRING is set to the field of the URL data to bind to the data source, the URL of the hyperlink in this hyperlinkColumn is the next level processing page to which you want to link, which is listdir.aspx? DIR = {User click on the logical drive name}
Create a data source (code in the listdrivers.aspx.cs file):
// Returns a collection of data views in a collection of data view DataViewicollection createDataSource () {// Defines data table DataTableDataTable DT = new data () DataTableDataBLEDATABLE DT = New DataTable (); // Defines a line of data in DataTable DataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowDataRowdTarow DR; / * Added to DataTable A column, format: Datacolumn ("Column", type) Column is the name of the data column, TYPE is the data type of data column * / dt.columns.add (New Datacolumn ("ID", Typeof (INT32))); DT .Columns.add (New Datacolumn ("Drivers", TypeOf (String))); DT.COLUMNS.ADD (New DataColumn ("Detail", TypeOf (String)))); // Use the for loop to use the for loop to use the name of the logical drive to Add to Data Table DataTable in FOR (INT i = 0; i Data binding code (code in listdrivers.aspx.cs): / * Set DataGrid data source DataSource for our data view DataView * / DriversGrid.DataSource = CreateDataSource (); // to bind DRIVERSGRID.DATABIND (); //. Through several main methods described above, we implemented system information and display all logical drive names, and can enter the next display directory and file name by the corresponding link ListDir.aspx Display all the logical drives Directory and files. Procedure 2: Program Listdir.aspx in display all subdires and files in the directory There are two forms of subdirectories and files in the catalog, must be treated separately. We call this program itself to list the subdirectory, and the file we need to call the showfile.aspx program to display the properties and content of the file. And both have different deletion methods, so we set up two DataGrid, two DataTable, two DataView, handle and display directory and files, respectively. Display and process the DataGrid code of the directory and file (code at listdir.aspx file): The data column that displays the serial number and name of the directory or file is similar to the corresponding code in the listdrivers.aspx program, which is no longer repeated. For subdirectory and files have their own processing pages, they need to navigate to two different pages. For subdirectories, we continue to list subdirectory and files under ListDir.aspx program: We used a deleted button column in two DataGrid: Due to the addition, update, delete function columns are DataGrid's default template columns, you can automatically add this column to the property generator through the DataGrid in VS.NET. Get the code for the parameters passed by the previous page: Since the parameters passing by the previous page are required to determine the name of the directory and file in the method of generating a data source below, the following code is used in the page_load method of the page: STRDIR2LIST = Request.QueryString ["DIR"]; String strDir2list is the directory name or file name. Because we used two Dategrids, we need two data bindings, there are two ways to generate data sources. Method for generating a directory data grid (Dirgrid) data source: // Returns a collection of data view DataView in the form of a collection of DataGridicollection CreateDataSourceDir () {DTDIR = New DataSourceDir () {DTDIR = New DataTable (); DATAROW DR; / / Add new data columns to DataTable, four columns DTDIR .Columns.add (New Datacolumn ("Dirid", TypeOf (INT32))); DTDIR.COLUMNS.ADD (New Datacolumn ("DirName", TypeOf (String))); DTDIR.COLUMNS.ADD (New Datacolumn ("Deldir ", TypeOf (String)); DTDIR.COLUMNS.ADD (New Datacolumn (" DIRDETAIL ", TypeOf (String))); // According to the incoming parameter (directory name), get the character in this directory all sub-directory names String array string [] Direntries = Directory.getDirectories (strDir2list); // Using the Foreach loop to traverse the array of unknown lengths for the array of unknown Foreach (String DirName in Direntries) {DR = DTDIR.NEWROW (); DR [0] = i ; // Serial number DR [1] = DIRNAME; // folder name DR [3] = "Delete"; DR [3] = "View Details"; DTDIR.ROWS.ADD (DR); i ;} DataView DVDIR = NEW DATAVIEW (DTDIR); // Returns the obtained data view Return DVDIR;} Method for generating a file data grid: // Returns a collection of data view DataView in a collection of data to initialize the DataGridicolction of the file. CreateDataSourceFile () {dtFile = new DataTable (); DataRow dr; dtFile.Columns.Add (new DataColumn ( "FileID", typeof (Int32))); dtFile.Columns.Add (new DataColumn ( "FileName", typeof (string )))))); DTFILE.COLUMNS.ADD ( New Datacolumn ("Delfile", TypeOf (String)); DTFile.Columns.Add (New Datacolumn ("FileDetail", TypeOf (String))))); // According to the incoming parameter (directory name), get all this directory all File name strings array string [] filentries = Directory.getFiles (strDir2list); forward (string filename in filentries) {DR = DTFILE.NEWROW (); DR [0] = i; dr [1] = filename; DR [ 2] = "Delete"; DR [3] = "View Details"; DTFile.Rows.Add (DR); i ;} DVFile = New DataView (DTFile); Return DVFile;} We have a programming to implement two DataSource only The data binding of the two DataGrid can be displayed on the dataGrid of the ASPX page in the page_load method of the page. Data binding code: / / The subdirectory data list DirGrid is data source definition and data binding Dirgrid.DataSource = createDataSourceDir (); Dirgrid.Database (); // Data source definition and data binding filegrid.DataSource = CreateDataSource definition (); Filegrid.database (); Through the main methods introduced by us, we implements a list of all subdirectories and files in a logical drive or directory, and can further browse the subdirectory according to the display result. Or view the properties and content of the file. The browsing subdirectory is still through the list of listdir.aspx, without any subdirectories, without directory depth restrictions. Delete subdirectory and file main methods and code: When deleting subdirectory, we need to use the Directory.Delete (String, Bool) method, this method has two: 1. Public Static Void Delete (String); Delete the empty directory from the specified path. 2. Public Static Void Delete (String, Boolean); Delete the specified directory and delete any subdirectories in the directory, if you set the Boolean to true, remove all subdirectories and files in this directory, otherwise set Boolean to false. Here we use the second method. If you choose to delete, you will delete all subdirectories and files in this directory. Note: All methods of the Directory class are static, so there is no need to have an instance of directory Directory. / * Implement the method of deleting subdirectory, this method is automatically added for VS.NET, pay attention to DataGridCommandEventArgs E for the ButtonColumn of CommandName = "Delete" in Dirgrid, through this event, we can get the ButtonColumn button column of that line is clicked. Furthermore, we need to delete the name of the subdirectory * / private void Dirrid_DeleteCommand (Object Source, System.Web.ui.WebControls.DataGridCommandEventArgs E) {/ * Defines a cell, E.Item is all the rows of this event. Project, E.Item.cells [1] is the content of the second cell of the entire row, in this dataGrid, name * / Tablecell Itemcell = E.Item.cells [1]; // Get this String Item = itemcell.text; // delete this subdirectory directory.delete (item, true); // Delete data binding to update data list Dirgrid.DataBind () When you delete a file, we need to use file.delete (String Path); Note: All methods of the FILE class are static, so there is no need to be called without the instance of the directory. private void FileGrid_DeleteCommand (object source, System.Web.UI.WebControls.DataGridCommandEventArgs e) {TableCell ItemCell = e.Item.Cells [1]; // This file name string to the string of item = ItemCell.Text; // Delete This file file.delete (item); / / After deleting, data binding to update data list Dirgrid.Database (); Through the main method of the upper, we implements a function of deleting a subdirectory or file on the page. This feature requires careful use when testing, and once the deletion cannot be recovered through a regular method. Other methods such as directory or file rename, modification, and other methods can be added based on this program, and the implementation method is also very simple. Dear lovers can expand into a web-based server file management system by adding a corresponding function. We can also see the hazard of this program, a file system that does not have a server that takes preventive measures to prevent measures in front of the user who uses this procedure. Program 3: Programs show file properties and content showfile.aspx Two main classes that need to be used when displaying properties and content: System.io.fileinfo: Provides an instance method for creating, copying, deleting, moving, and opening files and helping to create a FileStream object. System.io.StreamReader: Implement a TextReader to read characters from the byte stream in a specific code. Unless otherwise specified, StreamReader's default code is UTF-8 instead of the ANSI code page of the current system. UTF-8 can properly handle the Unicode character and provide consistent results on the localized version of the operating system. Showfile.aspx page main code: We just display the properties and part of the files on this label. So there is no other complex code. Getting the main code for file information and content is in the page_load method (the code is in the showfile.aspx.cs file): / / Receive the incoming parameters, determine the file name that needs to be operated Strfile2Show = Request.QueryString ["file"]; Name: "; FileDetail.Text = Strfile2Show " Through these three simple programs, I think everyone can clearly understand the harm of this vulnerability. If we don't prevent prevention, other users' programs can be viewed, deleted, servers System logs, system files are not available.
"; FileDetail.Text =" File Size "; // Get the size of the file, then the transform unit is kbfiledail.text = (FI.LENGTH / 1024). TOSTRING () "k
"; FileDetail.Text = "Create a file time:"; // Get the date of the file FileDetail.Text = FI.CRETIONTIME.TOSTRING (); FileDetail.Text = " Secondary access time: "; // obtain the last access date of the file FileDetail.Text = FI.lastaccesstime.toString () "
"; FileDetail.Text =" last write time: "; // Get the last write date FileDetail.Text = FI.lastwrittime.tostring () "
"; // instantiate a StreamReader object, for reading this fileInfo, StreamReader FileReader = FI.OpenText ); // Define a character array of length 1000 as a buffer char [] thebuffer = new char [1000]; / * readblock method: read the maximum number of characters from the current stream and starting the data from the index Buffer. Parameters: Char [] Buffer: When the method returns, the specified character array int index: buffer is started to write in the INT Count: the number of characters read, * / int Nread = fileReader.Readblock (Thebuffer, 0, 1000) FileDetail.Text = New string (thebuffer, 0, nread); // Close this streamReader and release all system resources with it FileReader.close (); to now, we implemented a simple web page server Disk management applications, you can view, delete directories and files. If you need to modify files, new files, and folders, you can add the corresponding code to the corresponding code. Since we simply explain the security risks existing in the server through this program, these features are no longer implemented here.
