Database injection vulnerability [continued]

zhaozj  2021-02-16

Really, this isn't worth going over yet again! There is no unbeatable spear here; what matters is how one understands the problem, not the mechanical use of particular functions. (My writing is poor, so I won't dare say much! Oh!)

Today I re-read the related functions on Pudding's blog, meaning to look up a bit more material, but those articles still seem to skirt around the injection problem itself. Since it has been on my mind, let me set down what I think here.

Most people handle only the half-width (ASCII) single quote. That does help in the commonest case, but it does nothing at all against the OR injection I have described elsewhere: in a numeric context no quote is needed, so that one is a problem of query logic, not of quoting. (My own characterisation.)

Checking the QueryString value (usually a number, in the cases I mean) is also useful, especially in the news scripts everyone habitually writes. Estyle (田) commented:

1. If we are guarding against injection, we should concentrate on handling symbols rather than alphabetic strings. Usability comes first: we can't ask a user to change his name because it happens to contain a filtered word, can we?

2. Besides illegal strings we should also consider other cases, such as over-long strings; active validation with regular expressions (written to describe the ideal shape of the data) is more convenient than passive filtering (which tends to introduce awkward problems).

On 1: that is indeed a real problem, and his view is the ideal one. But the function I have in mind handles a single QueryString value, above all a numeric one, and there it is very necessary, because MID() is exactly what makes guessing attacks against such a parameter work, which is more trouble. On 2: I agree! I don't know how others do it; I'm not familiar with regular expressions (don't laugh, I just have to work at it!). Here is the function from Pudding's blog:

'##############################################
'## SQL injection attack prevention [character type]
'## @data   -> data to process
'## @length -> length limit
'## usage: strsql("SQL character data", 50)
'##############################################
Function strsql(data, length)
    data = Left(data, length)
    ' double every single quote, then wrap the value in quotes for the query
    strsql = "'" & Replace(data, "'", "''") & "'"
End Function

So it truncates the received data to 50 characters and doubles the single quotes. That is a workable method too. I just feel it is also a bother: a universal function is a good thing, but each case has its own specifics, and here I'd be bolder: 50 is already very long!!!! My approach is:

<%
If Len(Request.QueryString("DDD")) > 8 Then
    Response.Write("Trying to hack me? Go away!")
    Response.End
End If
%>

It's just a check every time, one more line to write! The stupid thing is that an ID that is obviously numeric can still be injected, so it should still be possible to stop that (I still think so; if you know better, please advise, I'm all ears). With 8 characters there is hardly any room left for mischief. Next, do some processing: everything that can be used in an injection gets dealt with!!!

---- <%
Function CheckStr(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    ' Each Replace must work on the previous result; calling Replace(Str, ...)
    ' every time, as the original did, would keep only the last replacement.
    ' The characters removed are those on the page; the replacement strings are
    ' reconstructed from the garbled listing.
    CheckStr = Replace(Str, ",", "")
    CheckStr = Replace(CheckStr, "'", "''")  ' double single quotes, as strsql() does
    CheckStr = Replace(CheckStr, ";", "")
    CheckStr = Replace(CheckStr, "-", "")
    CheckStr = Replace(CheckStr, "(", "")
    CheckStr = Replace(CheckStr, "[", "")
    CheckStr = Replace(CheckStr, "$", "")
End Function
%>

I think that is enough! It's a bit of a joke, but it's also an idea!! A fuller version:

--- <%
Function CheckStr(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    ' chained as above: every Replace works on the previous result
    CheckStr = Replace(Str, ",", "")
    CheckStr = Replace(CheckStr, "'", "''")
    CheckStr = Replace(CheckStr, ";", "")
    CheckStr = Replace(CheckStr, "-", "")
    CheckStr = Replace(CheckStr, "(", "")
    CheckStr = Replace(CheckStr, "[", "")
    CheckStr = Replace(CheckStr, "$", "")
    ' keyword stripping; vbTextCompare makes it case-insensitive, so "DeLeTe"
    ' is caught as well as "DELETE"
    CheckStr = Replace(CheckStr, "ASC", "", 1, -1, vbTextCompare)
    CheckStr = Replace(CheckStr, "MID", "", 1, -1, vbTextCompare)
    CheckStr = Replace(CheckStr, "DELETE", "", 1, -1, vbTextCompare)
    CheckStr = Replace(CheckStr, "DROP", "", 1, -1, vbTextCompare)
End Function
%>

With this, even if an injection point exists there is not much to be done with it, because at least through the URL address bar it has become very hard (in fairness, this is only the general idea; the specifics depend on the situation)!

Beyond that, a few other tricks for the web programmer. My idea is to MD5-hash the user password and any other especially important fields, so that even a dumped table gives the attacker less. (Unsalted MD5 is weak by today's standards, but the point stands: never store passwords in clear.) There is more one could say.

About guessing dictionaries: I have read a lot of people's code, especially their database designs, and I know everyone likes field names like these:

username, u_name, name, administrators, userid, adminuser, adminpass, adminname, user_name, admin_name, usr_n, usr, uid, admin, admin_usr, admin_username, user_admin, adminusername, pwd

Look at that: don't you like these too? I'm not saying everyone does, but I at least habitually use a field name from that list. I think I have to change this habit. It's best to give the database a special name, and to make the field names more complicated as well! As for how complicated: as long as you can still tell them apart yourself, go all the way round! Oh! I say this because I have used some guessing tools, huh!! Not on anyone else's site, mind; it was really to test my own code! Oh!! So, along with the above, pay attention to this problem too: make the path of the admin entry complex (and how do I say "complex" ~ ^_^ ~). These are the names in the dictionary files:

admin, admin_index, admin_admin, index_admin, admin/index, admin/default, admin/manage, admin/login, ../admin/index, ../admin/default, ../admin/manage, ../admin/login, manage, login, manage_index, index_manage, wocaonima, admin1, admin_login, login_admin, ad_login, ad_manage, count, manager, guanli, denglu, houtai, houtaiguanli, htgl, adminlogin, adminuser, adm_login, chklogin, chkadmin, user, users, adduser, admin_user, edituser, adminadduser, member, members, editmember, adminmember, addmember, logout, exit, login_out, editadmin, edit, admin_edit, deleteadmin, delete, admin_delete, deladmin, del, admin_del, up, upload, upfile, backup, config, test, webmaster, root, a, admintab, admin_main, main, art, article, databases, database, db, dbase, devel, file, files, forum, girl, girls, htdocs, htdoc, idea, ideas, include, includes, inc, incoming, install, manual, misc, mrtg, private, program, programming, programs, public, secret, secrets, server_stats, server-info, server-status, set, setting, setup, ***, snmp, source, sources, sql, stat, statistics, Stats, stats, telephone, temp, temporary, tool, tools, usage, weblog, weblogs, webstats, work, wstats, wwwlog, wwwstats, www, wenzhang

See whether you haven't used any of these!? Oh!! I'm afraid I have!

Pudding explained why ASCII codes are a problem. I'll add that it is largely because most web programmers filter only the half-width quote and check for numbers, and the numeric check is exactly the judgment that matters here. Consider:

-14367 -15895 -10284 -11319 -19004 -10780 -10519 (the Asc() codes of a string of Chinese characters; double-byte codes come out negative in VBScript), 97 100 109 105 110 ("admin"), 45 ("-"). These are ASCII codes!! From such codes an attacker can rebuild any string with Chr() and never send a single quote, so a quote filter on its own never sees it.

If you write this:

If IsNumeric(Request.QueryString("DDD")) Then
    ' the query text is cut off on the page
    Execute("SELECT * FROM ...")
End If

then it can't be got around in the same way. I've talked a lot of nonsense; I haven't studied injection carefully. On the 9CBS Web board a master called "small bamboo" has the best summary, and I don't dare compare! I haven't been doing web development for long and have little experience, so this is just for my own amusement!! If anyone has better practices, please leave a message and let's learn together!
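To make the argument concrete, here is a small Python model of the checks discussed above, covering both the length limit and CheckStr() filter earlier on the page and the IsNumeric() check just shown. It is an added example, not code from this page or from Pudding's blog: it ports strsql(), the extended CheckStr() and an IsNumeric-style check, builds the query by string concatenation the way the ASP above does, and runs it against an in-memory SQLite table (standing in for Access or SQL Server) with three constructed rows. It shows the 8-character `1 OR 1=1` slipping past the `Len > 8` limit and past CheckStr (no quote is needed in a numeric context), `char(97,100,109,105,110)` (SQLite's spelling of the Chr() trick) smuggling the string "admin" past a quote-only filter, and the numeric check stopping both. The digits-only `isnumeric()` is a deliberate simplification: VBScript's IsNumeric() also accepts signs, decimals and exponents, so pair it with CLng() in real code.

```python
import hashlib
import re
import sqlite3

# Constructed sample rows standing in for the site's user table (an assumption,
# not data from the page); passwords stored as MD5 hex digests, as suggested above.
ROWS = [(i, n, hashlib.md5(n.encode()).hexdigest())
        for i, n in ((1, "admin"), (2, "alice"), (3, "bob"))]


def _db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(id INTEGER, name TEXT, pwd TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return con


def strsql(data, length=50):
    """Port of Pudding's strsql(): truncate, double single quotes, wrap in quotes.
    Only meaningful for a value that sits inside quotes in the query."""
    return "'" + data[:length].replace("'", "''") + "'"


def checkstr(s):
    """Port of the page's extended CheckStr() blacklist, keywords case-insensitive."""
    if s is None:
        return ""
    s = s.replace(",", "").replace("'", "''")
    for ch in ";-([$":
        s = s.replace(ch, "")
    for kw in ("ASC", "MID", "DELETE", "DROP"):
        s = re.sub(kw, "", s, flags=re.IGNORECASE)
    return s


def isnumeric(s):
    """Digits-only stand-in for the page's IsNumeric() test (simplification)."""
    return s.isdigit()


def _run(sql):
    """Run the concatenated query; None means the database rejected it."""
    con = _db()
    try:
        return [r[0] for r in con.execute(sql)]
    except sqlite3.Error:
        return None
    finally:
        con.close()


def lookup_by_id(param, guard="none"):
    """Numeric-context lookup built by concatenation, as the ASP on the page does.
    guard: "none", "len8" (the page's Len > 8 check), "checkstr" or "isnumeric".
    Returns the ids matched, or None if the guard or the database rejected it."""
    if guard == "len8" and len(param) > 8:
        return None
    if guard == "isnumeric" and not isnumeric(param):
        return None
    value = checkstr(param) if guard == "checkstr" else param
    return _run("SELECT id FROM users WHERE id = " + value)


def lookup_by_name(param):
    """String-context lookup protected by strsql(): quote doubling is enough here."""
    return _run("SELECT id FROM users WHERE name = " + strsql(param))


# char(97,100,109,105,110) builds 'admin' from character codes, like Chr() in ASP,
# so the string reaches the query without a single quote being sent.
CHR_PAYLOAD = "0 OR name=char(97,100,109,105,110)"

if __name__ == "__main__":
    for guard in ("none", "len8", "checkstr", "isnumeric"):
        print(guard, lookup_by_id("1 OR 1=1", guard), lookup_by_id(CHR_PAYLOAD, guard))
    print("strsql", lookup_by_name("admin"), lookup_by_name("' OR 1=1 --"))
```

Running it shows the three rows coming back for `1 OR 1=1` under no guard, under the length limit and under CheckStr alike, while the numeric check returns nothing; the Chr-style payload returns the admin row under no guard, and is stopped by CheckStr (it strips the parentheses and commas, so the query no longer parses) and by the numeric check. In the quoted string context strsql() alone does its job.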

********************************************************************

Original: http://blog.9cbs.net/qunluo/archive/2004/07/24/50782.aspx

Pudding's post: http://blog.9cbs.net/oyiboy/archive/2004/07/29/55030.aspx

********************************************************************

Reprints please cite the original address: https://www.9cbs.com/read-12255.html
