Security Issues of Active Server Pages

zhaozj2021-02-17  66

One of the benefits Microsoft cites for ASP is that the source of an Active Server Pages program is never sent to the client browser, which keeps the source from being plagiarized by others and improves security. However, because of vulnerabilities in NT, IIS, and the ASP system itself, the ASP source can still be exposed. The three vulnerabilities disclosed so far, and their solutions, are described below.

[Method 1] Sample ASP routines that ship with the NT system: showcode.asp, code.asp or codebrws.asp

These routines can display any text file on the server, including ASP files. They are called like this:

http://www.server.com/msadc/samples/selector/showcode.asp?source=/msadc/samples/selector/showcode.asp

The source parameter specifies the file you want to view.

Workaround: Delete these routines from the server; on a server exposed to the network they serve no purpose. Alternatively, in Internet Service Manager, remove all the virtual directories that NT creates automatically, or rename them to names that are hard to guess. Examples: the scripts directory, iisadmin directory, Iissamples directory, msadc directory, IISHELP directory, webpub directory, _vti_bin directory, printers directory, etc.

[Method 2] Appending special strings to the .asp file name

Suppose you want to view the source of http://www.server.com/file.asp. You can append certain special strings after file.asp. If the system has not been patched against the vulnerability, the source code is output (you can view it through the browser's "View" -> "Source" menu). The strings are as follows:

1. http://www.server.com/file.asp (suitable for PWS 3.0 under Win 95)

2. http://www.server.com/file.asp::$DATA

3. http://www.server.com/file.asp%81 or %82

4. http://www.server.com/file.asp%E9 or %E8

5. http://www.server.com/file.asp%2e

6. http://www.server.com/file%2E%41SP

7. http://www.server.com/file%2E%ASP

Workaround: Apply SP5 or SP6 to NT 4.0. Whenever software is installed on the server (such as IE5, Office and other software), SP5 or SP6 must be applied again, otherwise the vulnerability may reappear. If SP5 or SP6 cannot be obtained for the time being, you can remove the "Read" permission in IIS from the directory where the ASP programs are located. This blocks only this one vulnerability, and if the directory also holds .htm files, pictures and other documents, those .htm files and pictures can no longer be read.

[Method 3] The null.htw vulnerability of Microsoft Index Server

null.htw is not a real file mapped on the system; it is a virtual file held in system memory. Even if you have removed all the real .htw files from your system, requests for null.htw are still served, because they are processed by webhits.dll.

Suppose you want to view the source code of http://www.server.com/DIR/file.asp. You can use this request:

http://www.server.com/null.htw?CiWebHitsFile=/DIR/file.asp%20&CiRestriction=none&CiHiliteType=Full

If the server has not been protected against this vulnerability, the source code of file.asp is displayed.

/DIR/file.asp is the file whose source is to be viewed; its path must be given starting from the "/" root directory.

Solution:

Most websites do not need webhits.dll, so you can open "Internet Service Manager" -> select "Default Web Site" (or the site you have set up yourself) -> right-click and select "Properties" in the pop-up menu -> select the "Home Directory" tab -> click "Configuration" -> select "App Mappings" -> find the lines whose "Extension" is .htw, .ida, .idq or .htr and click "Remove" to delete their mappings from the server. You can also change the extension to another name so that the mapping can be restored when you need it.

If the system does require the functionality that WebHits provides, download the appropriate patch instead.

For Index Server 2.0 (IIS 4.0 under NT 4.0), patch:

http://www.microsoft.com/downloads/release.asp?releaseid=17727

For Windows 2000 Indexing Services (IIS 5.0), patch:

http://www.microsoft.com/downloads/release.asp?releaseid=17726
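
To check whether a server has been probed with the requests described under Methods 1 to 3, the access log can be reviewed for them. The script below is an added example, not part of the original article; the rule labels, function names, one-line log layout and sample log lines are constructed for illustration.

```python
import re

# One rule per request shape described in the article. Patterns run against
# the raw (still percent-encoded) request target, case-insensitively.
RULES = [
    # Method 1: sample source viewers called with a source= parameter
    ("sample-viewer",
     re.compile(r"/(showcode|code|codebrws)\.asp\?.*\bsource=", re.I)),
    # Method 2: .asp followed by one of the listed special suffixes
    ("asp-suffix",
     re.compile(r"\.asp(::\$data|%(81|82|e8|e9|2e))", re.I)),
    # Method 2: the extension itself written percent-encoded
    ("encoded-ext", re.compile(r"%2e%(41sp|asp)", re.I)),
    # Method 3: an .htw request handled by webhits.dll that names a script
    ("htw-webhits",
     re.compile(r"\.htw\?.*\bciwebhitsfile=[^&]*\.asp", re.I)),
]


def classify(target):
    """Return the labels of all rules that the request target matches."""
    return [label for label, pattern in RULES if pattern.search(target)]


def scan(log_lines):
    """Return (client, target, labels) for every suspicious line.

    Assumed layout (constructed): '<client-ip> <method> <target> <status>'.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        client, target = parts[0], parts[2]
        labels = classify(target)
        if labels:
            hits.append((client, target, labels))
    return hits


# Constructed sample log; addresses are from the documentation range.
SAMPLE_LOG = [
    "192.0.2.10 GET /default.asp 200",
    "192.0.2.11 GET /msadc/samples/selector/showcode.asp"
    "?source=/msadc/samples/selector/showcode.asp 200",
    "192.0.2.12 GET /file.asp::$DATA 200",
    "192.0.2.12 GET /file.asp%81 200",
    "192.0.2.13 GET /file%2E%41SP 200",
    "192.0.2.14 GET /null.htw?CiWebHitsFile=/DIR/file.asp%20"
    "&CiRestriction=none&CiHiliteType=Full 200",
    "192.0.2.15 GET /file.asp?id=5 200",
]

if __name__ == "__main__":
    for client, target, labels in scan(SAMPLE_LOG):
        print(client, ",".join(labels), target)
```

IIS W3C logs record the URI stem and the query string in separate fields (cs-uri-stem and cs-uri-query), so join the two before passing the target to classify().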

When reprinting, please credit the original address: https://www.9cbs.com/read-31345.html
