MySQL database download vulnerability attack Technology _ MySQL

MySQL database download vulnerability attack technology bitsCN.com

As the No. 1 killer of script vulnerabilities-database download vulnerabilities, they are now becoming increasingly popular. In this era of rapid information technology updates, vulnerabilities are followed by various countermeasures, such as modifying database suffixes and database names. Many people think that if you do this, you can solve the problem, but the fact is often not as good as you wish. even if you do this, you cannot escape the fate of being attacked by experts. Therefore, it is necessary to understand some attack techniques to enhance our security skills.
1. force download of database files with the suffix ASP and ASA
In order to save time, most of the website's article systems, forums, and other programs directly download others' source programs and use them after some modifications. Currently, many ASP Source programs have changed the database suffix from the original MDB to ASP or ASA. This is a good thing, but in a society with extremely expanded information, the old method can maintain a limited amount of time after all. For database files suffixed with ASP or ASA, hackers can easily download files from the software such as thunder by knowing where they are stored. That is, I used the database file downloaded by Thunder (note that the database suffix is ASP ).

2. fatal symbols ――#

Many network administrators think that adding a # number before the database can prevent the database from being downloaded. Yes, I also thought that IE could not download files with the # sign (IE will automatically ignore the content after the # sign ). However, we forget that web pages can be accessed not only through common methods, but also through IE coding technology.
In IE, each character corresponds to an encoding, and the encoding character % 23 can replace. In this way, we can still download a database file that only modifies the suffix and adds the # number. For example, # data. mdb is the file we want to download. we only need to enter % 23data in the browser. mdb can use IE to download the database file. in this way, the # Defense method is equivalent to the virtual setting ().

3. cracking Access encrypted databases is easy to crack
Some network administrators like to encrypt the Access database, so that even if hackers get the database, they need a password to open it. However, the opposite is true. because the Access encryption algorithm is too fragile, hackers only need to go to the Internet to find a software to crack the password of the Access database, so they don't need a few seconds to get the password. There are many such software on the Internet, such as Accesskey.
4. instantaneous elimination-data storm database technology
The database brute-force database technology should belong to the ranks of script vulnerabilities. the reason for this is that it plays an important role in the database download vulnerability. if you take a closer look, readers will find that the above techniques are implemented only when the database name is known. However, in many cases, it is impossible for us to know the database name. at this time, we may feel very frustrated and feel that we cannot proceed, however, the emergence of database brute-force database technology not only swept away our frustration, but also allowed us to truly combine and utilize the previous technologies.
When using ASP to write data to connect files, many people always write (conn. asp) as follows ):
......
Db = "data/rds_dbd32rfd213fg.mdb"
Set conn = Server. CreateObject ("ADODB. Connection ")
Connstr = "Provider = Microsoft. Jet. OLEDB.4.0; Data Source =" & Server. MapPath (db)
Conn. Open connstr
Function CloseDatabase
Conn. close
Set conn = Nothing
......
This statement seems to be okay, and the database name is very strange. without the database brute-force database technology, we can guess that the chance of such a database name is almost zero. However, such a short statement hides infinite information. This vulnerability exists in most programs on the Internet. We only need to add the data connection file conn in the address bar. asp (this is usually used) can be used to replace % 5c before the attack to the database location. Do I need to talk about the next thing? As long as you start thinking, nothing can be done.

BitsCN.com