Cross-site script attacks and how to guard against them - ASP vulnerability collection (continued)

Source: Internet
Author: User


Part one: cross-site script attacks


Whenever we think of hackers, we tend to picture a lone person sneaking into someone else's server to destroy or steal other people's secret information. Maybe he will change our homepage; more often he will steal customers' credit card numbers and passwords. In addition, hackers will attack the customers who visit our site, and our server becomes his accomplice. Microsoft calls this a "Cross-site script" attack. Most such attacks occur when a Web site's pages are dynamically generated, but the hacker's target is not your site; it is the customers browsing the site.


Cross-site script attack description


In Advisory CA-2000-02, CERT warns that if the server does not validate customer input, hackers can enter malicious HTML code. When that HTML code is used in a script program, they can use it for destruction, such as inserting disgusting pictures or sounds, and it can also keep the customer from browsing the Web page correctly.


We know that some friends have been lured to suspicious free sites where all they get is 10 to 20 small windows, often accompanied by non-working buttons generated by Java or JavaScript. This is called a mouse trap. Closing these windows is futile: whenever we close one window, 10 more pop up. This often happens when the administrator is not there. The mouse trap is a typical example of a hacker using the cross-site script method to attack customers.


Malicious tags and script are not simple pranks; they can even steal information and crash systems. A clever hacker can use script to interfere with or change the data submitted to the server. Script code can also attack the client system and thrash your hard drive. Bear in mind that the hacker's script runs in the security context of your server. If customers trust your server, they will also trust the malicious script code, even when that code comes from a hacker's server in the form of <script> or <object>.


Even using a firewall or SSL does not prevent cross-site script attacks. That is because if the machine that generates the malicious script code also uses SSL, the SSL on our server cannot identify the code. Are we really going to hand a site that customers once trusted so much over to hackers? Damage of this kind will also hurt your website's reputation.


  


  


One, cross-site script attack example:


According to CERT's data, dynamic input takes roughly these forms: URL parameters, form elements, cookies, and data requests. Let us analyze a site that has only two pages; the site name is mynicesite.com. The first page uses a form or a cookie to obtain the user name:


<%@ Language=VBScript %>
<% If Request.Cookies("UserName") <> "" Then
    Dim strRedirectUrl
    strRedirectUrl = "page2.asp?username="
    ' The cookie value is appended to the URL exactly as stored
    strRedirectUrl = strRedirectUrl & Request.Cookies("UserName")
    Response.Redirect(strRedirectUrl)
Else %>
<HTML>
<HEAD>
<TITLE>mynicesite.com Home page</TITLE>
</HEAD>
<BODY>
<H2>MyNiceSite.com</H2>
<FORM method="POST" action="page2.asp">
Enter your mynicesite.com username:
<INPUT type="text" name="UserName">
<INPUT type="submit" name="submit" value="Submit">
</FORM>
</BODY>
</HTML>
<% End If %>


  


The second page echoes the user name back in a greeting:


<%@ Language=VBScript %>
<% Dim strUserName
If Request.QueryString("UserName") <> "" Then
    strUserName = Request.QueryString("UserName")
Else
    ' The submitted value is stored in the cookie without any filtering
    Response.Cookies("UserName") = Request.Form("UserName")
    strUserName = Request.Form("UserName")
End If %>
<HTML>
<HEAD></HEAD>
<BODY>
<H3 align="center">Hello: <%= strUserName %></H3>
</BODY>
</HTML>


When you type ordinary text, everything is normal. If you enter script code such as <script>alert('Hello.');</script>, a JavaScript alert box pops up.

The alert box will also appear on your next visit, because the script code was left in the cookie after the first visit. This is a simple example of a cross-site attack.
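A hardened form of the second page, as an added example that is not part of the original article: it validates the user name against an allow-list before storing it and HTML-encodes it on output. The allow-list policy (1 to 32 letters, digits, "_", "." or "-") and the IsValidUserName helper are assumptions made for illustration.

```vbscript
<%@ Language=VBScript %>
<%
' Hardened page2.asp. Added example, not the article's code.
' Assumption: user names are 1-32 letters, digits, "_", "." or "-".
' IsValidUserName is a hypothetical helper written for this example.
Function IsValidUserName(strValue)
    Dim objRegExp
    Set objRegExp = New RegExp
    objRegExp.Pattern = "^[A-Za-z0-9_.-]{1,32}$"
    IsValidUserName = objRegExp.Test(strValue)
End Function

Dim strUserName, blnFromForm
If Request.QueryString("UserName") <> "" Then
    strUserName = Trim(Request.QueryString("UserName"))
    blnFromForm = False
Else
    strUserName = Trim(Request.Form("UserName"))
    blnFromForm = True
End If

If Not IsValidUserName(strUserName) Then
    ' Refuse the request; the value is neither echoed nor stored.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid user name."
    Response.End
End If

' Only a validated value reaches the cookie, so nothing hostile is
' replayed on the next visit.
If blnFromForm Then Response.Cookies("UserName") = strUserName

' The first page should build its redirect the same way:
'   "page2.asp?username=" & Server.URLEncode(Request.Cookies("UserName"))
%>
<HTML>
<HEAD></HEAD>
<BODY>
<H3 align="center">Hello: <%= Server.HTMLEncode(strUserName) %></H3>
</BODY>
</HTML>
```

Server.HTMLEncode is the safeguard that still holds if the allow-list is later loosened: it turns <, >, & and " into entities, so the browser displays the value as text.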


If you think this is a special case, you might as well go to other places on the Internet and try it out for yourself. I have tested some big government websites, educational websites and commercial websites, and some of them did show the behaviour above. I even found that a site where I often use my credit card does no filtering at all, which is really frightening to think about.


  


  


  


Two, using e-mail for cross-site script attacks


Cross-site script attacks are particularly easy to use on list servers, Usenet servers and mail servers. The following is an example using the mynicesite.com Web site. Because you visit this site often and really cannot put its content down, you have, without giving it much thought, changed your browser settings to always trust this site's dynamic content.


The mynicesite.com Web site earns revenue by selling the email addresses of people who subscribe to its email messages, which is a really bad idea. So I bought a copy of its email addresses and sent a lot of emails to you. In the letter I told you to visit this website as soon as possible and check the latest information on your account usage. To make it convenient for you, I also put a link in the letter. I placed script code in the username parameter of the link URL. Some customers unwittingly clicked on this link, which means they fell for my trick (pictured), and I benefited from it.


It works like this: when you click on the link, the script code in the link directs your browser to download my JavaScript program and execute it. My script checks that you are using IE and then starts downloading the ActiveX control ParticularlyNasty.dll. Because you previously decided that the content of this site is always safe, my script code and ActiveX control are free to run on your machine.


  


  


Three, ActiveX attack description


When discussing ActiveX, neither CERT nor Microsoft mentioned the dangers posed by the cross-site script approach. The consortium's "Security FAQ" describes the security issues in more detail. A Java applet's control over the system is strictly limited. When Sun developed it, it stipulated that only operations that pose no threat to the security of the system are allowed to run.


ActiveX, on the other hand, is not strictly restricted in what it can do to the system. Once a control is downloaded, it can do whatever it wants, just like an installed executable program. IE does place some restrictions on this feature; for example, with the default settings it will not let you download from insecure sites, or it will warn you. Companies that develop on top of ActiveX, such as VeriSign, number ActiveX controls. When you download a control, IE warns you and shows you how trustworthy it is. The user decides whether to trust the control. As a result, the security of the system increases.


However, users with little experience often change the original settings without realizing it, so that controls are downloaded without any prompt. In addition, a novice will, even when prompted, still go ahead and download controls that are not marked. In our example, because you trust the site, you have changed your browser's settings so that the ActiveX control is downloaded without any prompt and starts running on your machine without your knowledge.


  


  


Four, hexadecimal-encoded ActiveX script attack

It is very difficult to tell malicious tags and script apart from harmless ones. Script can also hide itself in hexadecimal form. Let's take a look at the following e-mail example, which was sent out in hexadecimal form:


This is almost a complete message containing a URL parameter forged in hexadecimal: sender=mynicesite.com. When the user clicks on the link, the user's browser starts the process from the first example and pops up the alert window.
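The hexadecimal disguise described above can be undone before a link is inspected. This added example (not from the original article) decodes %XX escapes, repeating the pass to catch double encoding, and flags query strings that carry markup. The function names and the three sample links are constructed for illustration, and the script is meant to be run with cscript.

```vbscript
' Added example, not from the article. Run with: cscript //nologo <file>.vbs
' Function names and the sample links are constructed for illustration.
Function IsHexPair(strHex)
    Dim objRegExp
    Set objRegExp = New RegExp
    objRegExp.Pattern = "^[0-9A-Fa-f]{2}$"
    IsHexPair = objRegExp.Test(strHex)
End Function

' One decoding pass: every %XX escape becomes the character it stands for.
Function HexDecodeOnce(strValue)
    Dim lngPos, strOut
    strOut = ""
    lngPos = 1
    Do While lngPos <= Len(strValue)
        If Mid(strValue, lngPos, 1) = "%" And IsHexPair(Mid(strValue, lngPos + 1, 2)) Then
            strOut = strOut & Chr(CLng("&H" & Mid(strValue, lngPos + 1, 2)))
            lngPos = lngPos + 3
        Else
            strOut = strOut & Mid(strValue, lngPos, 1)
            lngPos = lngPos + 1
        End If
    Loop
    HexDecodeOnce = strOut
End Function

' Decode up to three times so that %253C (an encoded "%3C") is also exposed.
Function HexDecode(strValue)
    Dim strCur, strNext, lngPass
    strCur = strValue
    For lngPass = 1 To 3
        strNext = HexDecodeOnce(strCur)
        If strNext = strCur Then Exit For
        strCur = strNext
    Next
    HexDecode = strCur
End Function

' True when the decoded query string contains tag delimiters.
Function CarriesMarkup(strLink)
    Dim strQuery
    strQuery = HexDecode(Mid(strLink, InStr(strLink, "?") + 1))
    CarriesMarkup = (InStr(strQuery, "<") > 0) Or (InStr(strQuery, ">") > 0)
End Function

For Each strLink In Array( _
        "http://mynicesite.com/page2.asp?username=alice", _
        "http://mynicesite.com/page2.asp?username=%3Cscript%3Ealert('Hello.')%3C/script%3E", _
        "http://mynicesite.com/page2.asp?username=%253Cscript%253E")
    WScript.Echo CarriesMarkup(strLink) & vbTab & HexDecode(strLink)
Next
```

A check on the raw link text would pass the second and third links, because neither contains a literal angle bracket until it is decoded.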




