Script attack prevention strategies: the complete guide


Author: Feng Qingyang
Article source: E-generation V3
Date: 2004-1-1

Recently, SQL injection exploitation and JS and HTML script attacks on the Internet seem to be growing ever more intense. Many sites have been plagued by such attacks. Unlike host vulnerabilities, attacks that come through the web make both prevention and repair very inconvenient for us. Hooo... For a webmaster there is no greater pain than this. Your own password is strong, yet attackers still get in; so how can we achieve real security? First, don't tie your password to your life; second, the Supermaster's PWD is best known only to you; third, you absolutely must improve your website's programs. How to improve them is the ultimate goal of this article.

Security protection: how do we do it? To defend, you must first know how the other side attacks. Many articles have been written about attacking particular sites, but in fact the attack methods are just the following:

1. Simple script attack

Such attacks are mostly just a nuisance. For example, javascript:alert(); and the like: because the filtering is not strict, the attacker gains nothing usable but can still make a mess. Many sites' free services, or the sites' own programs, have this problem today.

2. Dangerous script attack

Such script attacks go as far as stealing administrator or other user information. Examples are the cookie theft everyone knows about, and using scripts to perform local write operations on the client.

3. SQL injection vulnerability attack

It can be said that this kind of attack started with the Dvbbs (Dongwang) forum and BBSXP. It exploits lax filtering of SQL special characters to attack the database with cross-table queries, such as:

http://127.0.0.1/forum/showuser.asp?id=999 and 1 = 1

http://127.0.0.1/forum/showuser.asp?id=999 and 1 = 2

http://127.0.0.1/forum/showuser.asp?id=999 and 0 <> (Select Count (*) from admin)

http://127.0.0.1/forum/showuser.asp?id=999'; declare @a sysname set @a='xp_' 'cmdshell' exec @a 'DIR C: /' --- &aid=9

Obtaining the administrator's password means the whole site is under the attacker's control. That does not necessarily give them the host's permissions, but it paves much of the way toward that step. There are many similar SQL injection techniques, and the query that works differs depending on which file has lax filtering. That is why it is said to be impossible to build a complete character filter.

4. Remote injection attack

The so-called filtering on some sites is just simple JS filtering on the form submission page. Ordinary users you need not guard against anyway; against an attacker who has planned ahead, such filtering seems to have no effect. The POST attack we often talk about is one example: illegal data is submitted remotely to achieve the attack.
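For the showuser.asp?id= requests in item 3 and the bypassed client-side checks in item 4, the check has to run on the server, and a numeric id can be validated by type and bound as a query parameter instead of being filtered character by character. The following is an added example, not code from the original article; the users table, its id and username columns, and the open ADODB connection passed in as conn are assumptions.

```vbscript
<%
' Added example, not from the original article.
' Assumptions: table "users" with columns "id" and "username";
' conn is an already opened ADODB.Connection supplied by the caller.
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

' Returns the id as a Long, or -1 unless raw is 1 to 9 decimal digits.
Function ParseId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test("" & raw) Then
        ParseId = CLng(raw)
    Else
        ParseId = -1
    End If
End Function

' Looks up one user; the id travels as a typed parameter, never as SQL text.
Function FindUser(conn, id)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT username FROM users WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
    Set FindUser = cmd.Execute
End Function

' Constructed sample input: id values taken from the URLs in item 3.
Dim samples, s
samples = Array("999", "999 and 1 = 1", _
                "999 and 0 <> (Select Count (*) from admin)", "")
For Each s In samples
    ' Only the plain number yields a usable id; the rest are rejected as -1.
    Response.Write Server.HTMLEncode(s) & " -> " & ParseId(s) & "<br>"
Next
%>
```

A page would call ParseId(Request.QueryString("id")) first and pass the result to FindUser only when it is not -1.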

With the attack methods above introduced, we roughly understand the paths an attacker takes. Now let's move on to the main point: how to effectively prevent script attacks!

Let's start with the simplest:

Prevent script attacks

Preventing JS and HTML script attacks is actually very simple: Server.HTMLEncode(Str) does it. Of course, don't cry out "How is that possible? You want me to add filtering to every <%=uid%> on the whole site? I'd be exhausted!" For convenient filtering, we only need to filter out a few key characters used in HTML scripts and JS scripts. Program body (1) is as follows:

'The following is a filter function

<%
Function CHK(fqyString)
    ' Encode the characters that open and close HTML tags
    fqyString = Replace(fqyString, ">", "&gt;")
    fqyString = Replace(fqyString, "<", "&lt;")
    ' Neutralize numeric character references such as &#60;
    fqyString = Replace(fqyString, "&#", "&amp;#")
    ' Spaces and tabs become non-breaking spaces
    fqyString = Replace(fqyString, Chr(32), "&nbsp;")
    fqyString = Replace(fqyString, Chr(9), "&nbsp;")
    ' Encode double and single quotes
    fqyString = Replace(fqyString, Chr(34), "&quot;")
    fqyString = Replace(fqyString, Chr(39), "&#39;")
    ' Drop carriage returns, then turn line feeds into paragraph and line breaks
    fqyString = Replace(fqyString, Chr(13), "")
    fqyString = Replace(fqyString, Chr(10) & Chr(10), "</P><P>")
    fqyString = Replace(fqyString, Chr(10), "<BR>")
    CHK = fqyString
End Function
%>

'The following is an application instance

<%=CHK(UserName)%>

<% UserName = CHK(Replace(Request("UserName"), "'", "")) %>

Put the function in a shared page and include it where needed; this is the most efficient approach.

Program body (1)
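CHK encodes characters for display as HTML text, but a value such as the javascript:alert(); string from item 1 contains none of those characters, so a link or image address built from user input also needs a scheme check. The following is an added example, not code from the original article; SafeUrl is a hypothetical helper name and the sample values are constructed.

```vbscript
<%
' Added example, not from the original article.
' SafeUrl is a hypothetical helper. It returns url unchanged when it is an
' absolute http or https URL with no quotes, angle brackets, whitespace or
' control characters; anything else (javascript:, data:, relative tricks)
' is replaced by "#".
Function SafeUrl(url)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^https?://[a-z0-9.-]+(:[0-9]{1,5})?(/[^\s""'<>\x00-\x1f]*)?$"
    If re.Test("" & url) Then
        SafeUrl = url
    Else
        SafeUrl = "#"
    End If
End Function

' Constructed sample input: one ordinary link and the script URL from item 1
' in two spellings.
Dim urls, u
urls = Array("http://example.com/profile?id=1", _
             "javascript:alert();", _
             "JavaScript: Alert ();")
For Each u In urls
    ' The href is checked first and then encoded for the attribute;
    ' the visible text is encoded for display.
    Response.Write "<a href=""" & Server.HTMLEncode(SafeUrl(u)) & """>" & _
                   Server.HTMLEncode(u) & "</a><br>"
Next
%>
```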

In addition, it is worth noting that many sites lack script filtering on the user registration page or the profile modification page, or filter on only one of them, so a script attack is still possible by registering and then modifying the profile. To detect and filter the data submitted by the user, program body (2) is as follows:

'The following is a filter function

' Reject the user name if it contains any of the listed characters
If InStr(Request("UserName"), "=") > 0 Or _
   InStr(Request("UserName"), "%") > 0 Or _
   InStr(Request("UserName"), Chr(32)) > 0 Or _
   InStr(Request("UserName"), "?") > 0 Or _
   InStr(Request("UserName"), "&") > 0 Or _
   InStr(Request("UserName"), ";") > 0 Or _
   InStr(Request("UserName"), ",") > 0 Or _
   InStr(Request("UserName"), "'") > 0 Or _
   InStr(Request("UserName"), Chr(34)) > 0 Or _
   InStr(Request("UserName"), Chr(9)) > 0 Or _
   InStr(Request("UserName"), "$") > 0 Or _
   InStr(Request("UserName"), ">") > 0 Or _
   InStr(Request("UserName"), "<") > 0 Then
    Response.Write "Friends, the user name you submitted contains illegal characters, please change it, thank you for your cooperation"
    ' Stop here so the rejected value is not processed any further
    Response.End
End If

Dim BWORD(18)
BWORD(0) = "?"
BWORD(1) = ";"
BWORD(2) = ">"
BWORD(3) = "<"
BWORD(4) = "-"
BWORD(5) = "'"
BWORD(6) = """"
BWORD(7) = "&"
BWORD(8) = "%"
BWORD(9) = "$"
BWORD(10) = "'"
BWORD(11) = ":"
BWORD(12) = "|"
BWORD(13) = "("
BWORD(14) = ")"
BWORD(15) = "-"
' Chr() has to be called, not quoted, or the literal text "CHR(9)" would be searched for
BWORD(16) = Chr(9)
BWORD(17) = Chr(34)
BWORD(18) = Chr(32)

Errc = False

'The following is part of the application instance

' FQys holds the submitted string being checked
For i = 0 To UBound(BWORD)
    If InStr(FQys, BWORD(i)) <> 0 Then
        Errc = True
    End If
Next

IF Errc THEN

Response.write "