Plugging Web Vulnerabilities (Part 2)

xiaoxiao2021-03-06  119

Solution:

(1) Give your database file an unusual, complex name and bury it several directory levels deep. "Unusual" means: if the database holds information about books, do not call it book.mdb; use an odd name such as D34ksfslf.mdb, and place it several directories down, for example under ./kdslf/i44/studi/. This makes it much harder for an attacker to obtain your Access database file by guessing its name and path;

(2) Do not write the database file name into the program. Some people like to put the connection details directly into the code, for example:

DbPath = Server.MapPath("cmddb.mdb")
Conn.Open "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & DbPath

If the source code is ever handed to someone, the name of your Access database goes with it. I therefore suggest you configure a data source (DSN) in ODBC and write only this in the program:

Conn.Open "shujiyuan"

(3) Use Access to encode and then encrypt the database file. First choose "Tools" → "Security" → "Encrypt/Decrypt Database", select the database (for example Employer.mdb) and confirm; in the "Encrypt Database As" dialog that follows, save it as Employer1.mdb. Employer.mdb is then encoded and stored as Employer1.mdb.

Note: this step does not set a password on the database; it only encodes the file, so that its contents cannot be read with other tools.

Next we encrypt the database. Open the encoded Employer1.mdb, choosing "Exclusive" mode in the open dialog. Then choose "Tools" → "Security" → "Set Database Password" from the menu and enter a password.

Once Employer1.mdb has a password, Access asks for it and checks it before opening the database file.

In the ASP program, add the PWD parameter to the Open method of the Connection object, for example:

Param = "Driver={Microsoft Access Driver (*.mdb)};PWD=yfdsfs"
Param = Param & ";DBQ=" & Server.MapPath("Employer1.mdb")
Conn.Open Param

Now even if someone obtains the Employer1.mdb file, they cannot read it without the password.

5. ASP program password verification vulnerability

Vulnerability description:

Many websites store passwords in a database and verify logins with SQL like the following (ASP as the example):

SQL = "SELECT * FROM user WHERE username='" & username & "' AND pass='" & pass & "'"

All you then need is a specially constructed username and password that fit this SQL, such as `ben or 1=1`, to enter a page you have no privilege for. Let us look at the statement again:

SQL = "SELECT * FROM user WHERE username='" & username & "' AND pass='" & pass & "'"

OR is a logical operator: the whole condition is judged true as long as one of its operands is true. So in this statement the original "AND" check no longer matters, because the "1 = 1" joined by "OR" always returns true. We can also construct user names such as the following:

username = aa or username <> aa

pass = aa or pass <> aa

Accordingly, type `aa or username <> aa` into the browser's user-name box and `aa or pass <> aa` into the password box, taking care over the form of the two strings. This can successfully deceive the system.

Although the latter method works in theory, it is hard to carry out in practice; the following two conditions must both hold:

(1) You must first know exactly which two fields of the table store the username and the password; only then can the attack string be constructed accurately. In practice this is hard to guess.

(2) The system performs no validity check on the strings you enter.

Problem solution and recommendation: validate the content of the input and handle the quote characters in it.
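To make the two halves of this section concrete, here is an added Python example (not code from the original article, which is written in ASP) that builds the same login query both ways against an in-memory SQLite table. The table, the account `ben`/`s3cret` and the payload strings are constructed for the example; the article's own single quotes appear to have been lost in extraction, so the payloads here are written for the quoted form of the query. The hardened variant applies the article's recommendation: check the form of the input and bind the values as parameters instead of splicing them into the SQL text.

```python
import re
import sqlite3

# Constructed rule for a well-formed user name (assumption for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Constructed sample data: one account in a 'user' table shaped like the article's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, pass TEXT)")
    conn.execute("INSERT INTO user VALUES ('ben', 's3cret')")
    return conn


def build_vulnerable_sql(username, password):
    """The article's ASP line transcribed literally: values spliced into the SQL text."""
    return ("SELECT * FROM user WHERE username='" + username
            + "' AND pass='" + password + "'")


def login_vulnerable(conn, username, password):
    """Login check with string concatenation; a quote in the input rewrites the query."""
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row is not None


def is_well_formed(value):
    """Input validation, as the article recommends, before the value reaches the query."""
    return bool(USERNAME_RE.match(value))


def login_hardened(conn, username, password):
    """Validate the user name, then bind both values as parameters.

    With placeholders the driver treats quotes and OR as data, never as SQL.
    """
    if not is_well_formed(username):
        return False
    row = conn.execute("SELECT * FROM user WHERE username=? AND pass=?",
                       (username, password)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload_user, payload_pass = "aa' OR username<>'aa", "aa' OR pass<>'aa"
    print("concatenated query :", build_vulnerable_sql(payload_user, payload_pass))
    print("vulnerable login   :", login_vulnerable(db, payload_user, payload_pass))
    print("hardened login     :", login_hardened(db, payload_user, payload_pass))
```

The concatenated query shows why the article's second payload works: `username='aa' OR username<>'aa' AND pass='aa' OR pass<>'aa'` is true for every row once AND/OR precedence is applied. The parameterized version returns no row for the same strings, and the regex check rejects them before the database is even consulted.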

6. ASP source disclosure on IIS4 or IIS5 with Index Server installed

Problem description:

On IIS4 or IIS5 running Index Server, a specially formatted request can reveal the source of ASP pages or other files. The problem persists even on systems that have applied the source-code disclosure patch, and even on systems that have no .htw files. Obtaining an ASP program's source, or even the source of global.asp, is undoubtedly a serious security hazard: such code often contains user passwords and IDs as well as the path and name of the database, which is exactly the system information an attacker collects next. The damage from such an intrusion is severe.

You can view program source code by constructing a request of the following form:

http://202.116.26.38/null.htw?CiWebHitsFile=/default.asp&CiRestriction=none&CiHiliteType=full

This alone only returns part of the file in HTML form, but when you append %20 to the CiWebHitsFile value, as follows:

http://someurl/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=full

the source code of the program is returned. (Note: /default.asp is relative to the web root. For a page such as http://xxxxxx/welcome.asp the corresponding request is:

http://someurl/null.htw?CiWebHitsFile=/xxxxx/welcome.asp%20&CiRestriction=none&CiHiliteType=full)

The null.htw file is not a real file on disk but a virtual file held in memory. Even if you have removed every real .htw file from the system, requests for null.htw are still handled by WebHits.dll, so IIS remains exposed to this vulnerability.

Problem resolution or suggestion:

If your system needs the functionality WebHits provides, download the appropriate patch. If it does not, simply remove the ".htw" application mapping with the IIS MMC management tool.

7. NT Index Server parent-directory traversal vulnerability

Problem description:

Index Server 2.0 is a tool shipped with the Windows NT 4.0 Option Pack; its functionality is included in Indexing Services in Windows NT/2000. Used together with IIS, Index Server and Indexing Services let you browse web search results in their original environment: an HTML page is generated that contains a short excerpt of each page returned by the search, hyperlinked to the returned page (that is, the pages matching the query). To do this it relies on the .htw file type, supported by the WebHits.dll ISAPI program. This DLL allows ".." in a template string to refer to the parent directory, so an attacker who understands the server's file layout can remotely read any file on the machine.

Vulnerability use:

(1) There are .htw files on your system.

The hyperlink provided by Index Server lets a web user obtain a page describing his search results; the name of that page is passed to the .htw file through the CiWebHitsFile variable, and the WebHits.dll ISAPI program processes the request, performs the highlighting and returns the page. The user therefore controls the CiWebHitsFile variable of the .htw request and can ask for any information he wants. One resulting problem is that the source code of ASP or other script files can also be obtained.

As said above, "../" can be used to step outside the web virtual directory; here is an example:

http://someurl/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/logfiles/w3svc1/ex000121.log&CiRestriction=none&CiHiliteType=full

Entering this address in a browser returns the server's web log file for that date.

Common .htw sample files on the system are:

/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/iishelp/iis/misc/iirturnh.htw [this file is usually restricted to loopback]

(2) There are no .htw files on your system.

The WebHits.dll ISAPI program is invoked through .htw files, so if your system has no .htw files a request for a non-existent .htw file fails; nevertheless the vulnerability can still be exploited. The trick is to have inetinfo.exe invoke WebHits.dll, which can also reach files outside the web virtual directory. To do this, the file named in the specially crafted URL must be a static file, such as ".htm", ".html", ".txt", ".gif" or ".jpg"; WebHits.dll opens such files as its template. To make inetinfo.exe use WebHits.dll, the only thing you can do is request a .htw file:

http://url/default.htm.htw?CiWebHitsFile=/../../winnt/system32/logfiles/w3svc1/ex000121.log&CiRestriction=none&CiHiliteType=full

Obviously this request fails, because the file does not exist on the system. Note, however, that WebHits.dll has now been invoked; all that is needed is to append a run of special characters (%20s) after an existing file resource [that is, before the .htw part; in the example, after "default.htm"] to deceive the web server. Because the .htw part of the file name is dropped [owing to the %20s], when the request is passed to WebHits.dll the file is opened successfully and returned to the client, and the process does not require a real .htw file on the system.

Problem resolution and advice:

Microsoft has issued patches for this issue:

Index Server 2.0:
Intel: http://www.microsoft.com/downloads/release.asp?releaseid=17727
Alpha: http://www.microsoft.com/downloads/release.asp?releaseid=17728
Windows 2000 Indexing Services: Intel: http://www.microsoft.com/downloads/release.asp?releaseid=17726
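Both section 6 (null.htw source disclosure) and section 7 (".." traversal through CiWebHitsFile) leave the same kind of trace in the IIS web log, so here is an added Python example (not part of the original article) that scans W3C-format log lines for the request patterns the article describes. The log lines, IP addresses and the `parse_line`/`webhits_reasons`/`scan_log` function names are constructed for this example; the parameter name CiWebHitsFile and the null.htw, double-extension, ".." and trailing-%20 patterns come from the article.

```python
import re
from urllib.parse import parse_qs

# Constructed sample IIS W3C extended log lines (not from the original article):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2000-01-21 10:15:02 10.0.0.5 GET /default.asp - 200
2000-01-21 10:15:09 10.0.0.5 GET /null.htw CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=full 200
2000-01-21 10:16:44 10.0.0.7 GET /iissamples/issamples/oop/qfullhit.htw CiWebHitsFile=/../../winnt/system32/logfiles/w3svc1/ex000121.log&CiRestriction=none&CiHiliteType=full 200
2000-01-21 10:17:01 10.0.0.9 GET /default.htm.htw CiWebHitsFile=/../../winnt/system32/logfiles/w3svc1/ex000121.log&CiRestriction=none 404
2000-01-21 10:18:30 10.0.0.5 GET /search/results.htw CiWebHitsFile=/docs/intro.htm&CiRestriction=iis&CiHiliteType=full 200
"""

# Server-side script types whose source should never come back through WebHits.
SCRIPT_EXTENSIONS = (".asp", ".asa", ".inc")
# A static file with ".htw" appended (default.htm.htw): the no-template trick.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]+\.htw$")


def parse_line(line):
    """Split one W3C log line into a dict; return None for malformed lines."""
    fields = line.split()
    if len(fields) != 7:
        return None
    _date, _time, ip, method, stem, query, status = fields
    return {"ip": ip, "method": method, "stem": stem,
            "query": "" if query == "-" else query, "status": int(status)}


def webhits_reasons(entry):
    """Return the reasons a request looks like .htw abuse (empty list = benign)."""
    reasons = []
    stem = entry["stem"].lower()
    if ".htw" not in stem:
        return reasons
    if stem.rsplit("/", 1)[-1] == "null.htw":
        reasons.append("request for the virtual null.htw template")
    if DOUBLE_EXT.search(stem):
        reasons.append("static file with .htw appended (no real template needed)")
    # IIS parameter names are case-insensitive; parse_qs decodes %20 and %2e.
    params = {k.lower(): v for k, v in
              parse_qs(entry["query"], keep_blank_values=True).items()}
    for target in params.get("ciwebhitsfile", []):
        if ".." in target.replace("\\", "/").split("/"):
            reasons.append("directory traversal in CiWebHitsFile")
        if target != target.rstrip():
            reasons.append("trailing whitespace in CiWebHitsFile (source-disclosure pattern)")
        if target.strip().lower().endswith(SCRIPT_EXTENSIONS):
            reasons.append("server-side script named in CiWebHitsFile")
    return reasons


def scan_log(text):
    """Return (client ip, uri stem, reasons) for every suspicious request, in log order."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = webhits_reasons(entry)
        if reasons:
            hits.append((entry["ip"], entry["stem"], reasons))
    return hits


if __name__ == "__main__":
    for ip, stem, reasons in scan_log(SAMPLE_LOG):
        print(ip, stem, "; ".join(reasons))
```

Requests are flagged regardless of status code: the 404 on default.htm.htw is still a probe worth recording, since the article explains that the failed first request is part of the technique. The legitimate search result (results.htw with a plain .htm target) produces no reasons and is not reported. Feed the contents of a real log file to `scan_log` to run the same checks on production data.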

8. Repairing the verification directly into the ASP page

Please credit the original source when reposting: https://www.9cbs.com/read-101937.html
