Affected program: MS IIS
Description:
A Chinese university student discovers a password authentication flaw in ASP programs on NT websites
From: benjurry@263.net
The original text reads as follows:
I noticed a long time ago that many domestic programmers pay no attention to password verification. Today I went to Chen Shui-bian's site (www.abian.net) to take a look and, on a whim, gave it a try; I was amazed to find that it really does have this loophole. It makes you laugh yourself silly!
Principle:
Many websites store passwords in a database and use the following SQL for login verification (ASP as the example):
sql = "SELECT * from user where username='" & username & "' and pass='" & pass & "'"
At this point you simply construct a special user name and password based on that SQL, such as: Ben' or '1'='1
Hehe... are you in??
-----------------------------------------------------------------------
Explanation:
The above SQL statement is used in an if condition in the ASP program: if the query returns a result (True), password validation passes.
After a user name such as Ben' or '1'='1 is entered, the statement actually executed becomes:
SELECT * from user where username='Ben' or '1'='1' and pass='<whatever was typed>'
The injected quote closes the string literal, and because '1'='1' is always true, the or logical operator makes the where condition true and the statement returns a result.
So the validation passes.
Solution
ASP programmers should use more rigorous validation logic to prevent this security issue.
The following is the solution proposed by the discoverer:
The better way to do this is:
1. Process the input characters,
2. handling ', | and other special characters;
3. sql = "select * from user where user='" & user & "'"
4. if the result is not empty, fetch the password:
   Pass = rs("passwd")
5. compare: if Pass = password,
6. draw the conclusion.
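The vulnerable check and the proposed fix side by side, as an added example that is not part of the original post: the post's ASP logic is transliterated to Python over a constructed in-memory SQLite table, and the fix follows the post's steps 3 to 5 with one substitution, a bound parameter in place of the post's character filtering (an assumption of this example). Table and rows are constructed sample data.

```python
import hmac
import sqlite3

# Constructed sample "user" table standing in for the site's database.
# Plaintext passwords, as the post's Pass = rs("passwd") implies. Not real data.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE user (username TEXT, pass TEXT)")
_conn.executemany("INSERT INTO user VALUES (?, ?)",
                  [("alice", "s3cret"), ("Ben", "hunter2")])


def vulnerable_login(username: str, password: str) -> bool:
    """The post's ASP check, transliterated: both fields are concatenated into
    the SQL text and 'any row returned' counts as a successful login."""
    sql = ("SELECT * FROM user WHERE username='" + username
           + "' AND pass='" + password + "'")
    return _conn.execute(sql).fetchone() is not None


def hardened_login(username: str, password: str) -> bool:
    """Steps 3-5 of the proposed fix. The user name is passed as a bound
    parameter (this example's substitution for the post's quote filtering),
    so quotes in the input cannot alter the query's structure; the stored
    password is then compared in application code, not inside the SQL."""
    row = _conn.execute(
        "SELECT pass FROM user WHERE username=?", (username,)).fetchone()
    if row is None:                      # step 4: no such user -> fail
        return False
    stored = row[0]                      # the post's Pass = rs("passwd")
    # step 5: Pass = password, compared in constant time
    return hmac.compare_digest(stored.encode(), password.encode())


if __name__ == "__main__":
    payload = "Ben' or '1'='1"  # the input quoted in the post, in both fields
    print("vulnerable:", vulnerable_login(payload, payload))  # True
    print("hardened:  ", hardened_login(payload, payload))    # False
    print("real user: ", hardened_login("alice", "s3cret"))   # True
```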