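Subject: ASP security problem
After scanning the ASP website I built with the Acunetix testing tool, it detected the following security vulnerabilities: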
Alerts summary
Blind SQL/XPath injection
Affects Variations
/office/guestre.asp 1
Cross Site Scripting
Affects Variations
/guestwms.asp 1
SQL injection
Affects Variations
/citydiplay.asp 2
/office/ggadmin.asp 24
Application error message
Affects Variations
/citydiplay.asp 2
/dashiji.asp 1
/jiguanjigou.asp 1
/office/aclassOnems.asp 17
/office/cityadd.asp 4
/office/citymdel.ASP 4
/office/citymodifile.asp 2
/office/ggadd.asp 4
/office/ggadmin.asp 14
/office/picdel.asp 3
/office/publicadd.asp 86
/office/publicdel.ASP 2
/office/publicmodifile.asp 2
/zhuanmwyh.asp 1
For example, one of them:
/citydiplay.asp
Details
The GET variable oid has been set to %2527 .
Request
GET /citydiplay.asp?oid=%2527 HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.fjmg.org
Cookie: ASPSESSIONIDQQQTCRBA=OKKPDJJBGMFDGIFKDHKHCBCN
Connection: Close
Pragma: no-cache
Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Response
HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 02 Apr 2008 09:13:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 696
Content-Type: text/html
Cache-control: private
How should I go about fixing this? I would appreciate everyone's advice.