Hello everyone. Today's course: ASP + ACCESS prevention
Author: David. Source: China Network Security Association, http://chinansa.com
-----------------------------------------------
Today I was bored and searched Baidu for ASP security. I found any number of intrusion tutorials but relatively few materials on security configuration; at present most articles teach you how to break in. Here I will talk instead about how to defend yourself, and I hope it leads to more discussion of protection.
Let's assume the site is a whole-site ASP system with an ACCESS database, and talk about the ASP + ACCESS combination. If there are any mistakes, I hope you will criticize and correct them!
------------------------------------------------
Step 1: The first place to look is the password check when the administrator logs in. For example, entering 1 or 1=1 as the password takes you straight to the administrator page. Although this vulnerability is very old, many systems still have it, especially news systems; ASP programs written two years ago basically all have it. In fact you only need to replace the quote characters in the submitted values with other symbols to avoid this kind of error.
------------------------------------------------
Step 2: Next, cross-table queries, such as x.asp?id=2 and 1=1. Many people know how to attack this but not how to block it, which is a strange phenomenon. The cause is that the id parameter is not filtered, so add the following code to the page where the vulnerability exists:
<%
Dim id
id = Request("id")
' Reject anything that is not a number before it can reach the SQL string
If id = "" Or Not IsNumeric(id) Then
    Response.Write "oh my god!!! There's a hack!!!"
    Response.End
End If
%>
If you prefer, you can redirect anyone making this kind of request to another page.
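The two checks above (Step 1 and Step 2) rebuilt on ADODB.Command parameters, as an added example that is not code from the article: user input is passed to Jet as data and never spliced into the SQL text, so a quote or "and 1=1" is simply compared against the column. The table names admin and news, their columns, the file name data/#mydata.mdb and the page error.asp are assumptions for the example.

```vbscript
<%
' Added example, not code from the article: the Step 1 login check and the
' Step 2 id check rebuilt on ADODB.Command parameters. Assumed: an Access table
' "admin" with columns "username" and "password", a table "news" with a numeric
' "id" column, and the database file at data/#mydata.mdb under the site.
Option Explicit

Dim connStr
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("data/#mydata.mdb")

' Returns the value as a Long when it consists only of digits (at most 9 of them),
' otherwise -1. A value such as "2 and 1=1" fails here before any SQL exists.
Function SafeId(raw)
    Dim s, i
    SafeId = -1
    s = Trim(raw & "")
    If Len(s) = 0 Or Len(s) > 9 Then Exit Function
    For i = 1 To Len(s)
        If InStr("0123456789", Mid(s, i, 1)) = 0 Then Exit Function
    Next
    SafeId = CLng(s)
End Function

' True only when exactly one admin row matches. Whatever user and pass contain
' is compared literally against the column, never executed. (After Step 4,
' pass is the md5 of the submitted password.) Trim both to 50 characters before
' calling, since the parameters are declared with that size.
Function CheckLogin(conn, user, pass)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT COUNT(*) FROM admin WHERE username = ? AND password = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", 200, 1, 50, user)  ' 200 = adVarChar, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter("p", 200, 1, 50, pass)
    Set rs = cmd.Execute
    CheckLogin = (rs(0) = 1)
    rs.Close
End Function

' Fetches one news row by id with a typed integer parameter.
Function GetNews(conn, id)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT title, body FROM news WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, 4, id)      ' 3 = adInteger
    Set GetNews = cmd.Execute
End Function

' Usage on the page that used to do  id = Request("id")
Dim conn, id, rs
id = SafeId(Request("id"))
If id < 0 Then
    Response.Redirect "error.asp"   ' the article's suggestion: send such requests elsewhere
    Response.End
End If
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr
Set rs = GetNews(conn, id)
If Not rs.EOF Then Response.Write Server.HTMLEncode(rs("title") & "")
rs.Close
conn.Close
%>
```

SafeId is deliberately stricter than IsNumeric: IsNumeric accepts things like "1e3" or " 2.0 ", and the digits-only test keeps the value in the form the id column actually stores.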
-------------------------------------------------
Step 3: Session authentication is a good way to deal with cookie forgery, and it lets users reach only the pages their user level allows. For details, refer to the back-end verification code of the Dvbbs forum system.
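An include file that does the per-page level check, as an added example (not the article's code and not the Dvbbs code it points to). It assumes the login page stores Session("admin_id") and Session("admin_level") after the password check succeeds, that level 1 is an editor and level 2 a super admin, and that the login page is login.asp.

```vbscript
<%
' Added example, not the article's code: chkadmin.asp, included at the top of
' every back-end page. Assumed: login.asp sets Session("admin_id") and
' Session("admin_level") after a successful password check; levels are
' 1 (editor) and 2 (super admin).
Option Explicit

' Call with the minimum level a page requires. Anyone without a server-side
' session is sent to the login page; a logged-in user below the level is refused.
Sub RequireLevel(minLevel)
    If IsEmpty(Session("admin_id")) Or Session("admin_id") = "" Then
        Response.Redirect "login.asp"
        Response.End
    End If
    If Not IsNumeric(Session("admin_level")) Then
        ' A session with an id but no usable level is broken; throw it away.
        Session.Abandon
        Response.Redirect "login.asp"
        Response.End
    End If
    If CLng(Session("admin_level")) < minLevel Then
        Response.Write "Your account level does not allow this page"
        Response.End
    End If
End Sub

' On login.asp, after the password check succeeds, store only server-side facts:
'   Session("admin_id") = rs("id")
'   Session("admin_level") = rs("level")
' The browser only ever receives the ASPSESSIONID cookie, and editing that cookie
' cannot change the level, which is what makes this better than a "user=admin" cookie.
' On logout: Session.Abandon

' At the top of a page only super admins may use:
RequireLevel 2
%>
```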
-------------------------------------------------
Step 4: Apply MD5 to the passwords in the database. Most downloaded ASP source code stores passwords unhashed; the password is lying there in plain text, and it is uncomfortable to look at. For your own safety, don't be lazy: do it!
(1) Pull an MD5.asp file from the Internet to encrypt the database.
(2) Insert the following line at the top of your user login page: <!--#include file="md5.asp"-->
(3) Find the line pass = request("pass") and change it to pass = md5(request("pass")). This way, even if your database is downloaded, the other party still has to spend a while cracking it; if your password is strong enough, you can laugh! Together with the session authentication that prevents cookie forgery, the safety factor is greatly enhanced.
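Changing the login page to compare md5(request("pass")) only works if the stored passwords are digests too, and a downloaded system still has them in plain text. The following one-time upgrade script, an added example rather than the article's code, converts the existing rows. It assumes the md5.asp include defines md5(text) as the article uses it (one argument, returning lowercase hex), a table admin with columns id and password, and the file data/#mydata.mdb; run it once from an admin-only page, then delete it.

```vbscript
<!--#include file="md5.asp"-->
<%
' Added example, not the article's code: one-time conversion of plaintext
' passwords to MD5 digests so that Step 4's md5(request("pass")) comparison
' works for existing accounts. Assumed: md5(text) from md5.asp returns 32
' lowercase hex characters; table "admin" has columns "id" and "password".
Option Explicit
Dim connStr, conn, rs, count
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("data/#mydata.mdb")

' True for a 32-character hex string, i.e. something that already is a digest.
Function IsHexDigest(s)
    Dim i
    IsHexDigest = False
    If Len(s) <> 32 Then Exit Function
    For i = 1 To Len(s)
        If InStr("0123456789abcdef", LCase(Mid(s, i, 1))) = 0 Then Exit Function
    Next
    IsHexDigest = True
End Function

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open "SELECT id, password FROM admin", conn, 1, 3   ' 1 = adOpenKeyset, 3 = adLockOptimistic
count = 0
Do Until rs.EOF
    ' Skip rows that already hold a digest, so running the script twice does
    ' not hash the hashes and lock every administrator out.
    If Not IsHexDigest(rs("password") & "") Then
        rs("password") = md5(rs("password") & "")
        rs.Update
        count = count + 1
    End If
    rs.MoveNext
Loop
rs.Close
conn.Close
Response.Write count & " passwords hashed"
%>
```

The digest test has one blind spot: a plaintext password that happens to be 32 hex characters is left alone. Also keep in mind that MD5 of a short or common password is reversed in seconds with precomputed tables, which is why the article's remark about password strength matters at least as much as the hashing itself.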
-------------------------------------------------
Step 5: Prevent database downloads.
First, create a table in your MDB file with any name you like, add a field to it, and put the value <%=A-1%> in that field; then put a "#" in front of the database file name. In my opinion this change is relatively safe, but of course it cannot guarantee absolute security. There are too many talented people on the network, and perhaps another method has already been used to download the file.
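A conn.asp for the renamed database, added here as an example and not taken from the article. It also shows the stronger option the article's caveat points toward: keeping the .mdb in a folder that is not under the web root at all, so that no URL maps to it whatever its name. The paths D:\web\dbfiles and data/#mydata.mdb are assumptions.

```vbscript
<%
' Added example, not the article's code: conn.asp for the "#"-renamed database.
' Assumed: the site lives in D:\web\mysite and the .mdb was moved to
' D:\web\dbfiles, a folder IIS does not serve. If it must stay under the site,
' use the second dbPath line and rely on the "#" rename from the article.
Option Explicit
Dim dbPath, connStr, conn
dbPath = "D:\web\dbfiles\#mydata.mdb"                 ' outside the web root (preferred)
' dbPath = Server.MapPath("data/#mydata.mdb")         ' inside the web root
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & dbPath

Set conn = Server.CreateObject("ADODB.Connection")
On Error Resume Next
conn.Open connStr
If Err.Number <> 0 Then
    ' Do not echo Err.Description: the Jet error text contains the full path
    ' of the database file, which is exactly what a downloader wants to learn.
    Err.Clear
    Response.Write "database unavailable"
    Response.End
End If
On Error GoTo 0
%>
```

The ASP account (IUSR_ machine name) still needs read and write permission on the folder outside the web root; nothing else does.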
-------------------------------------------------
Step 6: POST attacks
It is common to save the login page to the local machine, modify some parameters, and submit it again. If all your data is filtered only on the form, you will have to rely on luck. A typical example is the guestbook, which accepts data through POST. So how can we prevent it? The following code checks whether the page that submitted the request is outside the site:
<%
Dim server_v1, server_v2
server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
' "http://" is 7 characters, so the host name in the Referer starts at position 8
If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
    Response.Write "do not submit parameters from outside the site"
    Response.End
End If
%>
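Two things a practitioner would want on top of the Referer test above, shown as an added example that is not the article's code. First, the check assumes seven characters of scheme, so it breaks on https://; ExtractHost below parses the host properly. Second, the Referer header is sent by the client, so it can be left out or set to anything, which makes it a first filter only; a per-session token written into the form and checked on submit does not depend on anything the client controls. The file post.asp and the field name token are assumptions.

```vbscript
<%
' Added example, not the article's code: the Referer test with proper host
' parsing, plus a per-session form token. Assumed: the guestbook form posts
' to post.asp and carries a hidden field named "token".
Option Explicit

' Host part of a URL: "www.example.com" from "https://www.example.com:8080/a.asp"
Function ExtractHost(url)
    Dim p, rest
    ExtractHost = ""
    p = InStr(url, "://")
    If p = 0 Then Exit Function
    rest = Mid(url, p + 3)
    p = InStr(rest, "/")
    If p > 0 Then rest = Left(rest, p - 1)
    p = InStr(rest, ":")                      ' drop an explicit port
    If p > 0 Then rest = Left(rest, p - 1)
    ExtractHost = LCase(rest)
End Function

' Creates a token once per session. Write FormToken() into the hidden field
' "token" when rendering the form. Rnd is not a cryptographic generator, but
' the token only has to be unguessable to a page that never saw the session.
Function FormToken()
    If IsEmpty(Session("form_token")) Then
        Randomize
        Session("form_token") = Hex(Int(Rnd * 2147483647)) & Hex(Int(Rnd * 2147483647)) & Hex(Timer * 1000)
    End If
    FormToken = Session("form_token")
End Function

' Called at the top of post.asp before anything is stored.
Sub RejectForeignPost()
    Dim referer, host
    referer = Request.ServerVariables("HTTP_REFERER") & ""
    host = LCase(Request.ServerVariables("SERVER_NAME") & "")
    ' A Referer that names another host is refused outright; an empty one is
    ' left to the token check, since some browsers and proxies strip the header.
    If referer <> "" And ExtractHost(referer) <> host Then
        Response.Write "do not submit parameters from outside the site"
        Response.End
    End If
    If IsEmpty(Session("form_token")) Or (Request.Form("token") & "") <> Session("form_token") Then
        Response.Write "form token missing or invalid; please open the form again"
        Response.End
    End If
End Sub

RejectForeignPost
%>
```

A copy of the form saved to disk and submitted later carries a token that belongs to a session the server no longer has, or no token at all, so it fails the second check even when the Referer has been set to look right.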
----------------------------------------------------
Step 7: File upload.
To prevent this vulnerability, add the following code:
<%
If InStr(Request("formpath"), ".") > 0 Then Response.Write "vulnerability supplemented": Response.End
%>
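The one-line test stops a dot from being smuggled into the directory parameter, but the file name itself also needs checking. The following is an added example and not the article's code: it keeps the formpath test, restricts the file name to one dot and no path characters, allows only listed extensions, and stores the file under a server-chosen name. The variable clientName (the file name reported by whatever upload component you use) and the folder upfile/ are assumptions.

```vbscript
<%
' Added example, not the article's code: checks an upload handler should make
' in addition to the article's test on formpath. Assumed: the upload component
' reports the client's file name as clientName; files are stored in upfile/.
Option Explicit

' Lower-case extension of a file name ("jpg"), or "" when there is none.
Function GetExt(name)
    Dim p
    GetExt = ""
    p = InStrRev(name, ".")
    If p > 0 Then GetExt = LCase(Mid(name, p + 1))
End Function

' True when the upload may be stored: the directory parameter has no dot or
' separator, the file name has exactly one dot, no path characters and no
' null byte, and its extension is on the allow list. Listing what is allowed
' is safer than listing what is forbidden, since a blacklist always misses a case.
Function UploadAllowed(formPath, clientName)
    UploadAllowed = False
    If InStr(formPath, ".") > 0 Or InStr(formPath, "\") > 0 Or InStr(formPath, "/") > 0 Then Exit Function
    If InStr(clientName, "\") > 0 Or InStr(clientName, "/") > 0 Or InStr(clientName, Chr(0)) > 0 Then Exit Function
    If Len(clientName) - Len(Replace(clientName, ".", "")) <> 1 Then Exit Function
    Select Case GetExt(clientName)
        Case "jpg", "jpeg", "gif", "png", "zip"
            UploadAllowed = True
    End Select
End Function

' Server-generated target name: date, random number and the checked extension,
' so nothing the client typed ends up in the path that is written to disk.
Function SafeSaveName(clientName)
    Randomize
    SafeSaveName = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & _
                   "_" & Int(Rnd * 1000000) & "." & GetExt(clientName)
End Function

' In the upload handler, before the file is written:
'   If Not UploadAllowed(Request("formpath") & "", clientName) Then
'       Response.Write "vulnerability supplemented"
'       Response.End
'   End If
'   target = Server.MapPath("upfile/" & SafeSaveName(clientName))
%>
```

The single-dot rule is what defeats names built to carry a second, executable extension before the harmless one, and the allow list is the place to add types as the site needs them; never add asp, asa, cer or cdx to it.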
-----------------------------------------------------
Today's course was written only because I found many websites whose pages had already been changed!
I personally think that finding a vulnerability is a good thing, but why must a site be defaced once one is found? Of course we have no way to tell others not to do it, so we have to change ourselves first :)
Today's course is not perfect in some places. I hope you can fill in the things I didn't say!
-----------------------------------------------------
China Network Security Association main site: http://chinansa.com
Forum: http://bbs.chinansa.com