Latest version of dongle (V3.3): interception-bypass injection vulnerability and fix
There is a problem with the interception and filtering in the latest version of dongle, which allows the interception to be bypassed for injection.
I discovered this vulnerability in V3.1 and then upgraded to the newer V3.2. However, I just tried the latest V3.3 version, and the vulnerability came back in 3.3, as shown below:
For the interception of select ... from, a byte in the range %81 ~ %FF can be inserted before, after, or in the middle of the select keyword to bypass interception and inject.
For example:
?id=1%20union%20sel%81ect%201,2%20from%20admin
?id=1%20union%20select%81%201,2%20from%20admin
?id=1%20union%20%81select%201,2%20from%20admin
All three forms get past the interception and inject.
In addition, the simple interception of keywords such as or and and can be bypassed by adding %0c or %0d before and after the or / and. This exists in all versions, and we hope it is fixed in the next update.
Test environment: Windows 2003 + IIS 6.0 + dongle V3.3
Program: an ASP page connected to a database (it outputs the current query statement and displays the query result)
To prove the vulnerability, I have installed the latest V3.3 on my server. The result is as follows:
(Version 3.3 is shown in the figure)
On the home page, first a normal injection:
Statement: ?id=0%20union%20select%,,2%20from%20admin
Intercepted
Insert %81 to break through
Statement: ?id=1%20union%20select%81%from%20admin
Fields 1 and 2 are exposed, and the dog does not intercept the request.
Solution:
This vulnerability was tested on V3.1. It does not exist in V3.2 (but table-guessing injection is still possible there). It does exist in the latest V3.3. I really don't know how to update it.
As for the cause of the vulnerability, I think the developers first use a regular expression to match the presence of a select statement, and only then filter the characters between %81 and %ff, which is a logic error. Filtering should come before matching!
Finally, I found that there was a problem with the dongle update check. From 3.1 to 3.2, I was prompted to update the latest version. However, the official version is version 3.3.
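The ordering problem described under "Solution", as an added example that is not part of the original report and not the product's code: the same signatures are run once on the raw decoded bytes (match first) and once after canonicalization (filter first). The rule patterns, function names, the baseline query and the %0c sample are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Hypothetical signatures standing in for the product's real rules (assumption).
RULES = {
    "select-from": re.compile(rb"(?:^| )select +.+? +from +\S", re.I | re.S),
    "or-and": re.compile(rb" (?:or|and) ", re.I),
}

def canonicalize(data: bytes) -> bytes:
    """Drop %81 ~ %FF bytes and fold %09 ~ %0D control whitespace into a space."""
    # Assumption: the backend discards these bytes, as the report's results
    # suggest. A real filter must mirror the backend's actual decoding.
    data = bytes(b for b in data if b < 0x81)
    return re.sub(rb"[\x09-\x0d ]+", b" ", data)

def match_first(query: str) -> list[str]:
    """Flawed order from the report: signatures run on the unfiltered bytes."""
    data = unquote_to_bytes(query)
    return [name for name, rx in RULES.items() if rx.search(data)]

def filter_first(query: str) -> list[str]:
    """Corrected order: canonicalize, then run the same signatures."""
    data = canonicalize(unquote_to_bytes(query))
    return [name for name, rx in RULES.items() if rx.search(data)]

SAMPLES = [
    "id=1%20union%20select%201,2%20from%20admin",     # constructed baseline
    "id=1%20union%20sel%81ect%201,2%20from%20admin",  # from the report
    "id=1%20union%20select%81%201,2%20from%20admin",  # from the report
    "id=1%20union%20%81select%201,2%20from%20admin",  # from the report
    "id=1%0cand%0c1=1",                               # constructed %0c sample
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q}\n  match-first: {match_first(q)}  filter-first: {filter_first(q)}")
```

Stripping every byte from 0x81 upward also removes legitimate multi-byte text, so a production filter should canonicalize with the same code page and decoding rules as the application behind it.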