The database plug-in, that is, inserting a Trojan into the website's database, has always been a blind spot in network security, and the vulnerability is hard to prevent. Almost every site renames its .mdb database to .asp to prevent database downloads.
This attack is almost fatal: no matter how strictly a website is secured, its seemingly unbreakable line of defense collapses instantly, so the damage is high. The database plug-in method appeared almost in step with the mdb-to-asp database defense, which is widely used on the network. The mdb-to-asp method does effectively solve the problem of database downloading, but it brings a new problem: it increases the risk of a Trojan being inserted into the asp-format database.
Currently, all database plug-in attacks follow these steps:
1. Scan: perform a comprehensive scan of the target website to check whether the website writes any data to the database and whether the database is in asp format;
2. Conversion: generally, the Trojan is converted to unicode format;
3. Insertion: try to insert the unicode-format Trojan into the database, usually by exploiting some vulnerabilities of the anti-injection program;
4. Control: Use the inserted Trojan to control the target machine.
Someone will surely ask: why is the database plug-in so powerful, and what is its principle?
To prevent website databases from being downloaded and leaking sensitive information, administrators usually change the original mdb database to asp format. An mdb file is not parsed by the browser and is simply downloaded as an ordinary file. An asp file is not parsed by the browser either, but asp is a server-side language: although .asp is displayed in the browser's address bar, the file has already been parsed into html code by the server, so it is not downloaded. That is why the database is renamed to asp as well. So how does it become such a lethal asp Trojan? The database itself is composed of unicode codes, and once it is renamed to asp it is compiled and executed as asp. The original database contains no code that complies with asp syntax, so nothing in it can be executed. After a unicode one-sentence Trojan is inserted, however, it is parsed and executed by the asp engine and becomes a Trojan horse that gives the entire website away.
There is no suitable solution for this highly lethal database plug-in. Only preventive measures can be taken, which are described below:
1. Try not to let data be submitted to the database. If data must be submitted, convert the unicode code in the data to ansi;
2. Do not convert the mdb format to asp format. It turns out that this method is not reliable. Instead, change the database path and change the database name.
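An audit for preventive measure 2, as an added example that is not part of the original article: it walks a web root and reports Access databases stored under a script-mapped extension, flagging any whose raw bytes already contain an ASP script block. The extension set, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Jet/ACE files name their format at byte offset 4 of the file header.
JET_MAGICS = (b"Standard Jet DB", b"Standard ACE DB")
# Assumption: extensions this server hands to the ASP engine; match your handler mappings.
SCRIPT_EXTS = {".asp", ".asa"}
# An opening and a closing ASP script delimiter close together, as raw bytes.
ASP_BLOCK = re.compile(rb"<%.{0,4096}?%>", re.DOTALL)

def is_jet_database(data):
    return any(data[4:4 + len(m)] == m for m in JET_MAGICS)

def audit_file(path):
    """Return a finding if path is an Access database under a script extension."""
    if os.path.splitext(path)[1].lower() not in SCRIPT_EXTS:
        return None
    with open(path, "rb") as fh:
        data = fh.read()  # whole-file read keeps the example short
    if not is_jet_database(data):
        return None
    return {"path": path, "script_block": ASP_BLOCK.search(data) is not None}

def audit_tree(root):
    paths = (os.path.join(d, n) for d, _dirs, names in os.walk(root) for n in names)
    hits = [hit for hit in map(audit_file, paths) if hit]
    return sorted(hits, key=lambda f: f["path"])

def build_sample_tree(root):
    """Constructed sample files with a fake Jet header; not real databases."""
    header = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    samples = {
        "site.asp": header + b"rows",                  # renamed database
        "forum.asp": header + b"x<% placeholder %>y",  # renamed, holds script delimiters
        "store.mdb": header + b"rows",                 # database under its own extension
        "index.asp": b"<% Response.Write(1) %>",       # ordinary ASP page, not a database
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in audit_tree(root):
            print(finding)
```

Every finding is a database that should be moved out of the script-mapped extension; a finding with script_block set to True should be treated as a possible compromise and investigated.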