Clogging web vulnerability (medium)

xiaoxiao, 2021-03-06

● Other errors

In addition, there are some other errors that are difficult to classify, such as "non-1 0" logic leading to an authentication bypass.

9.2.3 Common CGI vulnerability detection tools

1. Twwwscan

This tool is relatively fast, and command-line parameters let you choose between Windows and UNIX targets. It has no graphical interface and is relatively simple to use;

2. CI

A compact graphical scanning tool designed mainly for Windows. It gives a fairly detailed description of each CGI problem it checks, which makes it convenient to use, to analyze, and to fix the vulnerabilities;

3. voideye

Its graphical interface is flashier. It can run checks, but the results are not accurate.

4. Webscan

It checks roughly 300 kinds of items, can produce reports in HTML format, and collects some follow-up methods. It only checks whether a given link exists on the server; if it does, it reports a vulnerability, so of course there are a lot of false positives. The tool is dead, but the person using it is alive: becoming skilled with these auxiliary tools takes some time and familiarity.

9.2.4 How to make your CGI more secure

Having understood the security issues of CGI, how should we strengthen CGI security? A brief summary follows for reference:

1. Use the latest version of the web server, install the latest patches, and configure the server correctly;

2. Install CGI programs according to their help files, and delete unnecessary installation files and temporary files;

3. When writing CGI programs in C, use secure functions;

4. Use secure and efficient methods to verify user identity;

5. Verify the user's source, and prevent a user from performing too many actions in a short time;

6. Recommended characters to filter out of input: & ; ` ' \ " * ? ~ < > ^ ( ) [ ] { } $ \n \r \t \0 # and the sequence ../ ;

7. Pay attention to the handling advice;

8. Establish security policies for each function during development;

9. Cultivate good programming habits;

10. Keep a scientific and rigorous attitude, and avoid the mistake of "taking things for granted".
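The following is an added example of how items 5 and 6 of the list above look in a CGI handler written in Python; it is not code from the original text. The character set is the one recommended in item 6, the allow-list pattern for a user-name field and the `finger` command used as the "before" case are my own assumptions for illustration, and the sample inputs in the comments are constructed.

```python
import re

# Block-list from item 6 of the hardening list above: shell metacharacters,
# redirection and globbing characters, and the control characters.
DANGEROUS_CHARS = frozenset('&;`\'\\"*?~<>^()[]{}$\n\r\t\0#')
TRAVERSAL = "../"

# Allow-list alternative (assumption): a user-name field only ever needs these
# characters, so anything else can simply be refused.
ALLOWED_FIELD = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def find_dangerous(value):
    """Return every filtered character and traversal sequence found in value."""
    found = [c for c in value if c in DANGEROUS_CHARS]
    if TRAVERSAL in value:
        found.append(TRAVERSAL)
    return found


def sanitize(value):
    """Block-list approach: strip the dangerous characters and '../'.
    '../' is removed until none is left, so '....//' cannot survive one pass."""
    while TRAVERSAL in value:
        value = value.replace(TRAVERSAL, "")
    return "".join(c for c in value if c not in DANGEROUS_CHARS)


def is_allowed(value):
    """Allow-list approach: accept only what the field legitimately needs."""
    return ALLOWED_FIELD.match(value) is not None


def finger_command_unsafe(user):
    """The classic CGI bug: the raw field is spliced into a shell command line.
    With user = 'alice; cat /etc/passwd' the shell runs a second command."""
    return "finger " + user


def finger_argv_safe(user):
    """Validate first, then return argv for subprocess.run(argv) with
    shell=False, so no shell ever parses the user's text."""
    if not is_allowed(user):
        raise ValueError("rejected user field: %r" % find_dangerous(user))
    return ["finger", user]
```

The allow-list check is the one to rely on: a block-list only stops the characters someone remembered to list, while `ALLOWED_FIELD` describes what a valid value is. Passing the validated value as an argv list (rather than a command string) is what actually removes the shell from the picture.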

9.3 ASP security

ASP (Active Server Pages) is an important web technology. Its appearance brought new vitality to the Internet: it handles the interaction between browser and server in an unprecedented way, and through its built-in objects, ADO support and WSH (which can manage an NT domain) it can do almost everything a traditional application can!

ASP is something like a combination of HTML (Hypertext Markup Language), script and CGI (Common Gateway Interface), but it runs more efficiently than CGI, its programs are more convenient and flexible than HTML, and its program security and confidentiality are better than a script's. If this is your first contact with the Internet you may not know the terms above, so the following explains the differences between them.

HTML (Hypertext Markup Language) is a hypertext markup language. Files in this format can be downloaded and browsed with any web browser; the common browsers today include Microsoft Internet Explorer, Netscape Communicator and so on. Because an HTML file is composed of tags, it is best suited to static web pages, and since HTML by its nature cannot access a database directly, most database-driven work has been handled by CGI. ASP can not only contain HTML tags but also access databases directly and use an unlimited number of ActiveX controls, so it is more convenient than HTML and more flexible in programming. Simply put, ASP is a server-side script running environment. Through this environment users can create and run dynamic, interactive web server applications such as interactive dynamic web pages, including collecting and processing information with HTML forms, uploading and downloading, and so on, just as they would with their own CGI programs, but more simply than with CGI. More importantly, the ActiveX technology used by ASP is based on an open design environment: users can add their own components, giving their dynamic web pages almost unlimited room for expansion, which traditional CGI is far from matching. Another benefit of ASP is that it can use ADO (ActiveX Data Objects, Microsoft's new data access model, similar to DAO) for convenient database access, which makes it possible to develop WWW-based applications.

9.3.1 ASP Vulnerability Analysis and Solution

ASP has very few vulnerabilities, and finding the actual location of a database is not simple, but that does not mean a hacker has no hole to exploit; this is exactly the point. Programmers often forget to check whether a vulnerability exists, which can lead to the website's data being stolen.

ASP ships with a security hole in /site/eg/source.asp, the software-sales example program, whose contents show how to write freely into that directory on the server. The way to solve this vulnerability is to delete the sample programs supplied with all software.

1. The code.asp file leaks ASP source code

A very simple example: Microsoft's ASP 1.0 included a .asp file specifically for viewing the source code of other .asp files, aspsamp/samples/code.asp. If someone uploads this program to the server, he can easily view other people's programs. For example:

code.asp?source=/directory/file.asp

But this is a rather old hole, and I believe it no longer exists now.

The following one is newer:

Http://someurl/iissample/exair/howitworks/code.asp/lunwen/soushuo.asp=xxx.asp

The biggest hazard is that ASP files can be read in this way, exposing the database password in plain text.

Solutions and suggestions:

For the "Show ASP Code" sample in IIS, delete the file or disable access to its directory.

2. The FileSystemObject component can tamper with or download any file on a FAT partition

In IIS 3 and IIS 4, ASP file operations are implemented through FileSystemObject, including reading and writing text files, directory operations, and copying, renaming and deleting files. But this powerful feature also leaves a very dangerous "back door": FileSystemObject can be used to tamper with any file on a FAT partition, and even on an NTFS partition, if permissions are not set, it can still do damage, and you may suffer a catastrophe. Unfortunately, many webmasters only know how to get the web server running and rarely set permissions, and the default NT directory permissions are terribly low. So if you are a webmaster, it is recommended that you pay close attention to the server settings: put the web directory on an NTFS partition, and do not grant Everyone Full Control. Even members of the Administrators group generally have no need for it; Read and Change permissions are enough. You can also delete or rename the FileSystemObject component.

3. Entering a standard HTML or JavaScript statement changes the output

What happens if you enter a standard HTML statement in an input box?

Take a guestbook, for example, and enter the following message:

Hello there!

If your ASP program does not block HTML statements, this changes the font size of "Hello". In a guestbook, changing the font size or adding a picture is sometimes not a bad thing; it can make the messages livelier. But if you write a JavaScript loop in the input box, such as:

Extraordinary news

then when other visitors viewing the guestbook merely move the mouse over "Extraordinary news", their browser will hang because of the infinite loop.

Solutions and recommendations:

When writing a program of this kind, you should handle this type of input carefully, for example by writing code that checks the client's input and blocks all HTML and JavaScript.
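The following is an added example of the guestbook problem above, written in Python rather than ASP; it is not code from the original text. The two guestbook messages are constructed to match the cases the text describes (a font change and an event handler carrying an infinite loop); the page's own examples lost their tags in extraction, so the exact markup here is my assumption.

```python
import html
import re

# Constructed guestbook entries: a plain message, the harmless font change,
# and a mouseover handler that loops forever (the "dead cycle" from the text).
SAMPLE_MESSAGES = [
    "Hello there!",
    "<font size=7>Hello there!</font>",
    '<a onmouseover="while(1){}">Extraordinary news</a>',
]

TAG_RE = re.compile(r"<[^>]*>")


def render_unsafe(message):
    """The vulnerable pattern: the stored message is echoed into the page
    unchanged, so the browser parses whatever tags and handlers it contains."""
    return "<li>" + message + "</li>"


def render_safe(message):
    """Hardened output: escape & < > \" ' so the browser shows the text
    literally. This is the fix to prefer over tag stripping."""
    return "<li>" + html.escape(message, quote=True) + "</li>"


def strip_tags(message):
    """The text's suggestion (block all HTML): remove anything tag-like.
    Stripping has to guess what the browser's parser will accept, so use
    escaping unless you genuinely need to keep some markup."""
    return TAG_RE.sub("", message)


def contains_markup(message):
    """Reject-at-input check: does the message contain a tag-like sequence?"""
    return TAG_RE.search(message) is not None


def render_guestbook(messages, renderer=render_safe):
    """Render the whole list with the chosen renderer."""
    return "<ul>\n" + "\n".join(renderer(m) for m in messages) + "\n</ul>"
```

With `render_safe` the hostile entry reaches the visitor as visible text (`&lt;a onmouseover=...`) and never becomes an element, so there is nothing for the mouse to trigger; with `render_unsafe` the same stored string is a live `<a>` tag. Escaping at output time is what protects the reader even when the input check was skipped or bypassed.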

4. An Access MDB database may be downloadable

Problem description:

When you use Access, if someone learns or guesses the path and name of the database on the server by various means, he can download the Access database file. This is very dangerous. For example, if your Access database book.mdb is placed in the Database directory under the virtual directory, someone can enter the following in a browser:

http://someurl/Database/Book.mdb

If book.mdb was not encrypted beforehand, all the important data in book.mdb is then in someone else's hands.
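The following is an added example of a check a webmaster can run against the web root for the two leftovers this section warns about, the downloadable .mdb file and the sample directories (aspsamp, iissample, site/eg) that held code.asp and the software-sales example. It is not code from the original text; the sample directory names are the ones this page mentions, and the demo directory tree is constructed inside the script so that it runs offline.

```python
import os
import tempfile

# Sample directories named on this page that should not exist on a
# production server, and the database extension a browser could fetch.
SAMPLE_DIRS = ("aspsamp", "iissample", "site/eg")
DATABASE_EXTENSIONS = (".mdb",)


def find_exposed(webroot):
    """Walk the web root and report (a) database files a browser could
    download and (b) leftover sample directories, as paths relative to root."""
    databases, samples = [], []
    for dirpath, dirnames, filenames in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        if rel.lower() in SAMPLE_DIRS:
            samples.append(rel)
        for name in filenames:
            if name.lower().endswith(DATABASE_EXTENSIONS):
                databases.append(name if rel == "." else rel + "/" + name)
    return {"databases": sorted(databases), "samples": sorted(samples)}


def build_demo_tree():
    """Constructed web root: a real page, a downloadable book.mdb in the
    Database directory, and the aspsamp directory with code.asp still present."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for rel in ("index.asp", "database/book.mdb", "aspsamp/samples/code.asp"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("demo\n")
    return root


def demo_findings():
    """Run the check against the constructed tree."""
    return find_exposed(build_demo_tree())


if __name__ == "__main__":
    print(demo_findings())
```

Each finding maps to the advice in this section: delete the sample directories outright, and keep the Access file encrypted and in a directory the web server does not serve, since anyone who guesses the path can otherwise fetch it as an ordinary download.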

Please cite the original address when reposting: https://www.9cbs.com/read-101939.html
