ASP Vulnerability Analysis and resolution (3)

Source: Internet
Author: User
Tags: iis
6. ASP program password verification vulnerability

Vulnerability description:
Many web sites store passwords in a database and use SQL like the following for login verification (ASP example):

Sql = "SELECT * FROM user WHERE username='" & username & "' AND pass='" & pass & "'"

Because the query is built by string concatenation, the user's input becomes part of the SQL text. All you need to do is construct a username and password that fit the SQL, for example:

Ben' or '1'='1

and you reach a page you have no privilege for. Look at the statement above: with that value entered in both fields, the program ends up running something like:

sql = "SELECT * FROM user WHERE username='Ben' or '1'='1' AND pass='Ben' or '1'='1'"

OR is a logical operator: when two conditions are joined by it, the result is true as soon as either one is true. In this statement the original AND check no longer decides anything, because the '1'='1' condition joined with OR makes the whole expression true.
Alternatively, the following username and password can be constructed:

username = 'AA' or username<>'AA'
pass = 'AA' or pass<>'AA'

In the browser, the user name box is filled with AA' or username<>'AA and the password box with AA' or pass<>'AA (note that there is no ' at either end of the string). This is enough to fool the system and get in.

Although this second method works in theory, it is hard to carry out in practice, because both of the following conditions must hold:

1. You need to know exactly which two fields in the table the system uses to store user names and passwords, so that the string can be constructed accurately. In practice this is hard to guess.
2. The system does not check the validity of the string you enter.

Solution and suggestions:
Validate the content of the input and handle the "'" character.
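As an added illustration (not code from the original article), the following Python script uses an in-memory SQLite table standing in for the site's user table and compares the article's string-concatenated query with a parameterized query and with single-quote doubling; the table, the 'alice' account and the function names are assumptions.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the site's user table (assumption: columns username, pass).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT, pass TEXT)")
    db.execute("INSERT INTO user VALUES ('alice', 's3cret')")
    return db


def login_concat(db, username, pass_):
    # Mirrors the article's ASP query: input is pasted into the SQL text,
    # so quotes typed by the user become SQL syntax.
    sql = ("SELECT * FROM user WHERE username='" + username
           + "' AND pass='" + pass_ + "'")
    return db.execute(sql).fetchone() is not None


def login_param(db, username, pass_):
    # Parameterized query: the driver passes the values separately from the
    # SQL text, so a quote in the input stays ordinary data.
    sql = "SELECT * FROM user WHERE username=? AND pass=?"
    return db.execute(sql, (username, pass_)).fetchone() is not None


def escape_quote(s):
    # The article's other advice, handling the ' character: doubling it is the
    # SQL string escape, so the concatenated query compares against the literal text.
    return s.replace("'", "''")


def demo():
    db = make_db()
    cases = {
        "quote_or": ("Ben' or '1'='1", "Ben' or '1'='1"),
        "not_equal": ("AA' or username<>'AA", "AA' or pass<>'AA"),
    }
    out = {}
    for name, (u, p) in cases.items():
        out[name + "_concat_bypassed"] = login_concat(db, u, p)
        out[name + "_param_rejected"] = not login_param(db, u, p)
        out[name + "_escaped_rejected"] = not login_concat(
            db, escape_quote(u), escape_quote(p))
    # Legitimate credentials still work with the parameterized query.
    out["param_valid_login"] = login_param(db, "alice", "s3cret")
    out["concat_wrong_password"] = login_concat(db, "alice", "wrong")
    return out
```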

7. IIS4 or IIS5 with Index Server installed: ASP source code disclosure vulnerability

Problem description:
On IIS4 or IIS5 with Index Server running, a request in a special character format reveals the source code of ASP programs or other program files. Even a system that has applied the latest patch against source-code viewing, or a system that has no .htw file at all, has the same problem. Obtaining the source of ASP programs, even the global.asa file, is without doubt a very serious security risk: the code often contains user names and passwords, the path and name of the database, and so on. For an attacker collecting information about the system, this is very valuable for carrying out the next step of the intrusion.
The program source can be viewed by constructing the following special request:
This simply returns some HTML-formatted file contents, but when %20 is appended to the CiWebHitsFile argument, as follows:
the source code of the program is returned.
(Note: /default.asp is taken relative to the web root. For example, for a site's http:///welcome/welcome.asp the corresponding request is:)
Because the 'null.htw' file is not a real file mapped on disk but only a virtual file held in system memory, removing all real .htw files from the system does not help: requests for null.htw are still handled by webhits.dll by default, so IIS remains exposed to this vulnerability.

Solution and suggestions:
If the system needs the functionality provided by webhits, download the appropriate patch. If it is not needed, simply remove the .htw application mapping using the IIS MMC administration tool.

The patches are as follows:
Index Server 2.0:
Indexing Services for Windows 2000:
