【发布时间】:2018-06-04 22:46:00
【问题描述】:
我做了这个网站,但是现在,有人给我发电子邮件并报告了以下错误:
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current
custom error settings for this application prevent the details of the
application error from being viewed remotely (for security reasons).
It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be
viewable on remote machines, please create a <customErrors> tag within
a "web.config" configuration file located in the root directory of the
current web application. This <customErrors> tag should then have its
"mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a
custom error page by modifying the "defaultRedirect" attribute of the
application's <customErrors> configuration tag to point to a custom
error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly"
defaultRedirect="mycustompage.htm"/>
</system.web>
我想知道这对我的网站有危险吗?它可以用来破解我的网站吗?如果是,如何? 我无法更改任何内容,因为在接下来的 4 个月内我无法访问我的网站。
【问题讨论】:
-
可以提取的信息:(1) 您正在使用 ASP.NET (2) 您没有使用 .NET Core (3) 您正在使用 IIS 作为您的网络服务器 (4) 请求以运行时错误。简而言之:攻击者可以检查 IIS 和 .NET 框架的一些零日漏洞
标签: asp.net runtime-error server-error