A piece of JS code is automatically inserted into every varchar and text field in MSSQL. Even if this code is deleted, unless the problem is fixed at the source, the JS code is automatically inserted into the database again within a few minutes.
Observation suggests that the attack is most likely carried out automatically by a program. Hackers first use search engines such as Google and Baidu to find vulnerable ASP + MSSQL websites, then use an injection scanning tool like Tom to scan the entire website. Once an SQL injection vulnerability or an upload vulnerability is discovered, the hackers upload their own Trojans, such as the Haiyang Trojan, by various means. The hacker then adds the website to his zombie list and can add whatever JS code he wants to the database at any time. This code often carries a large number of viruses and Trojans, which infect the computers of users who visit the controlled websites.
Although batch replacement in the SQL query analyzer can temporarily solve the inserted JS code problem, it does not fundamentally fix the vulnerabilities of the whole website, including the security permissions of the program and the server, so hackers can still intrude into your website database at any time.
In the SQL query analyzer, you can execute the following code to replace the JavaScript code in batches:
update table_name set field_name = replace(field_name, '<Script Src=http://c.n%75clear3.com/css/c.js></Script>', '')
Flymorn carefully checked the website and found that the website had several security problems:
First, the website has an upload vulnerability. Although file uploading requires administrator authentication and file format validation, the administrator authentication uses cookies, and cookies can be forged. If the content of the file is not checked after an image is uploaded, an image Trojan can also be uploaded.
Solution: 1. remove file uploading (not practical); 2. change the upload user verification to session verification; 3. verify the content of the uploaded file and, if it is an image Trojan, delete it. You can refer to the following verification code:
''======================== Determine whether the uploaded file contains an invalid string: start ========================
' filePath: path of the uploaded file, resolved with Server.MapPath
Set MyFile = Server.CreateObject("Scripting.FileSystemObject")
Set MyText = MyFile.OpenTextFile(Server.MapPath(filePath), 1) ' 1 = ForReading: read the file as text
sTextAll = LCase(MyText.ReadAll) ' lower-case the content so the comparison is case-insensitive
MyText.Close
Set MyFile = Nothing
' Strings that indicate server-side script, separated by "|"
sStr = "<%|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language="
sNoString = Split(sStr, "|")
For i = 0 To UBound(sNoString)
If InStr(sTextAll, sNoString(i)) > 0 Then
' A forbidden string was found: delete the uploaded file and stop
Set filedel = Server.CreateObject("Scripting.FileSystemObject")
filedel.DeleteFile Server.MapPath(filePath)
Set filedel = Nothing
Response.Write("<script>alert('The upload failed because the file you uploaded has a problem!');history.back();</script>")
Response.End
End If
Next
''======================== Determine whether the uploaded file contains an invalid string: end ========================
Second, the website has a cookie injection vulnerability. To reduce server overhead, the program verifies all users through cookies after login. The cookie stores the user ID and NAME and, as is well known, cookies are often forged by hackers. In addition, some external parameters are not read strictly through Request.Form and Request.QueryString; for convenience, Request("id") is used instead.
We know that an ASP Request first looks for the content in Form and QueryString; if both are empty, it goes on to look in Cookies. When programming, we usually consider SQL injection through Request.Form and Request.QueryString, so those two are usually filtered for SQL injection, but filtering for injection through cookies is forgotten. Let's take a look at the following SQL statement:
SQL = "select * from table_name where id=" & Request("id")
If this id happens to be obtained through cookies, think about how terrible that is! The attacker can easily forge a false cookie named id, because this id cookie is allocated to the client by the server. The cookie can be forged into code similar to the following:
dEcLaRe @s vArChAr(4000);sEt @s=cAsT(… aS vArChAr(4000));exec(@s);--
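The Request("id") query above in hardened form, as an added example that is not code from the original article: the id is read from Request.QueryString only, validated as digits, and bound as a typed ADODB parameter instead of being concatenated. The open connection conn, the placeholder table_name and the function names ReadId and GetRowById are assumptions.

```vbscript
' Added example for a classic ASP page (place inside the page's script block).
' Assumptions: conn is an open ADODB.Connection; table_name is a placeholder.
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Read the id from ONE named collection. Request("id") would also search
' Request.Cookies, which the client fully controls.
Function ReadId()
    Dim raw, re
    raw = Trim(Request.QueryString("id"))
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"      ' digits only, always fits in a Long
    If re.Test(raw) Then
        ReadId = CLng(raw)
    Else
        ReadId = -1                  ' missing, repeated or non-numeric id
    End If
    Set re = Nothing
End Function

' Returns a Recordset for the requested row, or ends the response with 400.
Function GetRowById(conn)
    Dim id, cmd
    id = ReadId()
    If id < 0 Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The value is sent as an integer parameter, so a DECLARE/CAST/EXEC
    ' string can never become part of the SQL statement.
    cmd.CommandText = "select * from table_name where id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
    Set GetRowById = cmd.Execute
    Set cmd = Nothing
End Function
```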