Author: angel article in Nature: Original release date: 2004-04-02 forum English translation is Forum, as an essential communication platform on the web. There is a pivotal position in the website, and everyone knows that the species of the forum is quite. ASP, CGI, PHP, JSP or even C developed, and the brand is more than 100. It is this, and each forum has such problems, including security problems. Many websites are because the forum has caused problems, and the server is infiltrated. How to pay attention to it safely! Since I use the ASP forum, I talk about the ASP Forum. The recommended database problem database for developers seems to be a problem that every user is more headache, is downloaded, leaked. In fact, the developers have more work. The database is encrypted with MD5 (compatible row, it is balanced). Such a leakage problem has been well solved, no matter who it is. How to see data, all of which are encrypted strings, and the maximum solves the problem of database leaks, which is very good, worthy of other forums. Then it is to prevent download. Add a table in the database, because I am not good at describing, so everyone can directly download the network forum V5.0 0519 SP3 (URL: http://www.aspsky.net/download/list.asp? Id = 2178), There is such a database, importing the NOTDOWNLOAD table inside (everyone can study itself, actually I can't say it, huh, huh), then change the database's extension to .asp to prevent download, even if you know the database Path, download is also 500 errors. This should be made by developers. The password verification problem password is the chief concept of the system. Most of the attacks are starting with interception or guess password, so there are also places in which they need to be verified must be done. The developer should limit the minimum length of the password 8. It is best to join the random verification code, limit the number of login failures, if the username, password, the random verification code causes the login failure 3 times, will automatically turn off, and other, prompt The message error message should not be displayed in the HTML page, but should be discussed by the message box to display the error information, these measures can effectively prevent the use of the tool violent cracking, such tools is to determine the page source A label in the code is cracked. Generally, one tag of the error page is first obtained, then submit the data, take the returned data and compare the error tag just acquired, if you encounter a different tag. Then be correct, as long as the principle is understood, I know how effective the above three measures is. There is also try not to display your password on the page. For example, check the original code in a quick reply. Similar "password "place. Among them, "***********" is a password. This way users will log in. Leave it, others can see the password immediately, very unsafe! In fact, it is also a deficiencies through cookies and session. SESSION is completely saved on the server, it is absolutely safe. So only developers balanced. Select a folded method, and also use Type = Hidden to hide information. People who will html will know. However, if the MD5 encryption just mentioned, you won't see the true password. When you look at the original code, it is just value = "f3b4sd5f47fh49ah3".
(This string has been changed) UBB parsing problems are quite a few message books and forums exist such problems. For example, [IMG] PIC_URL [/ IMG] can display a picture, but if the code is converted, it may be executed across Station script, the simplest test method is to submit information of [IMG] JavaScript: Alert (); [/ img], (tagging program), if you pop up a dialog box, there is this vulnerability, some although already Filtered. However, it may convert the submitted information to the ASCII code, or may be able to perform a cross-station script, the cross-station script is unpredictable, and some information can be popped up. If the HTML code is not filtered. You can modify the pattern of the home page; more attackers, write a script that steals the user's cookies data to boot user access, the worst possible to format the browser's hard drive. The following is a simple example. [img] java / script: Document.write (); [/ img] Document.write (''); single quotes '' and a period. To convert with ASCII, otherwise, a slightly filtered program will not take effect . You can write any code. Modify the registry, format the hard disk ... If the UBB is filtered, it will be fine. Is it serious? The following is paid a code that handles script characters. for reference only. Perhaps there may be errors and omissions.
Function JScode (JSstr) dim jsstr: jsstr = jsstrs if jsstr = "" or isnull (jsstr) then JScode "": exit function if not isnull (JSstr) then dim ts dim re dim reContent Set re = new RegExp re.IgnoreCase = True Re.global = true re.pattern = "(javaScript)" Ts = Re.Replace (jsstr, "& # 106avascript") RE.PATTERN = "(jscript :)" TS = Re.Replace (TS, "& # 106Script: ") Re.pattern =" (JS :) "TS = Re.Replace (TS," & # 106s: ") RE.PATTERN =" (value) "TS = Re.Replace (TS," & # 118alue ") RE.PATTERN =" (about :) "TS = Re.Replace (TS," About & # 58 ") Re.pattern =" (file :) "TS = Re.Replace (TS," File & # 58 ") Re.pattern = "" TS = Re.Replace (TS, "Documents & # 46Cookie") Re.pattern = "(VBScript :)" TS = Re.Replace (TS, "& # 118bscript:") Re.pattern = "(VBS :)" TS = Re.Replace (TS, "& # 118bs:") Re.pattern = "(ON (mouse | EXIT | ERROR | Click | Key)" TS = Re.Replace (TS, "& # 111n") RE.PATTERN = "(& #)" TS = Re.Replace (TS, "& #") jscode = ts set re = nothing end if End functions QL INJECTION problem SQL INJECTION The principle is to use the user to submit or modify the data, insert the desired SQL statement into the system actual SQL language, so that the purpose of invasion, know the principle, the developer should do a good job in preventive work, need to be fundamentally solved Solve SQL INJECTION . It has also started from the program itself. Filtering the parameters submitted by the URL, in the form, it is also possible to filter, the data that can be modified later, can be submitted to the server after modification, in summate the data submitted by all forms, and the user may pair the HTML source file All data from the Web server external to the Web server is configured to filter or convert, (I am not good at expressing, this words are changed from ISNO, thank you ISNO) for single quotes, double quotes, semicolons "-" Filter all special characters above the numbers, as well as the Query_String environment variable. I dare to say that it is not enough. Even if there is a firewall and IDS (intrusion detection system) filtering special characters.
We can still use the method, split the command string, save a temporary variable, then reference, as in the following two commands. It is possible to spade, our school is to attack with this method, many commercial companies have purchased IDS, and in IDS, filter XP_cmdshell, etc., how do we submit your order, we only need to pass the following How to make a combination of combination we can break through IDS test: declare @a sysname set @ a = 'xp _' 'cmdshell' exec @a 'Dir C: /' declare @a sysname set @ a = 'xp' '_ cm ' ' DSHELL 'EXEC @A' DIR C: / 'So developers must find a way to handle it in the program before the data is submitted. For more SQL Injection Information, please see the Microsoft Taiwan site (URL: http://www.microsoft.com/taiwan/sql/sql_injection_g1.htm) file upload problem has had such a thing, a management network forum management The password is acquired by an intruder through a method, and then the invader setting allows uploading the ASP file, and the result utilizes a CMDASP back-door osmotic server. So, developers are best not allowed to allow users to upload an ASP file, even if the setting is invalid. That is, fixing the ASP file is not allowed, and if you must upload it. It is best to add a function of file content detection. For example, if there is a dangerous command in the content of the text file, if there is, it is forbidden to upload, sometimes most of the most uploaded is a big file, and it is binary, and it is very troublesome, and the resources are more resource. But security is important or resources? Developers can decide themselves! Or vote for investigation. A piece of YPY is given below: This is the primary code. The developer is going to perfect. Special thanks to YPY here.
set MyFile = server.CreateObject ( "Scripting.FileSystemObject") set MyText = MyFile.OpenTextFile (sFile, 1) 'to read a text file sTextAll = lcase (MyText.ReadAll): MyText.close' Analyzing dangerous operation sStr user file = "8 | .Getfolder | .createfolder |. Deletefolder | .creatediRectory | .deletedIRectory" SSTR = SSTR & "| .saveas | wscript.shell | script.encode" Snostring = Split (SSTR, "|") for i = 1 To Snostring (0) IF INSTR (Stextall, Snostring (I)) <> 0 Then sfile = UPL.PATH & SFILESAVE: fs.deletefile sfile response.write "
