UBB Script Attacks
Recently a number of sites have been found to be vulnerable to UBB cross-site scripting attacks. Cross-site scripting rarely does much damage to the server itself, but for a single site it is bad enough: at the mild end someone plays around with the page and replaces the homepage; at the severe end visitors' cookies are stolen, or worse still the visitor's hard drive is wiped. Once a site has been turned into a malicious one, who would dare to visit it? And if the webmaster is a little slow to notice, doesn't it become a real mess?
Can a small piece of code really do this to a site? Let's look at what a so-called cross-site scripting attack actually is. Go to a site with UBB functions, such as a message board, a forum, or any site with a submission form. First the simplest script attack: the filtering of HTML characters.
I logged on to a CGI site. Coming from an ASP background, I assumed a CGI site would be good at filtering scripts, so I made an initial test: I filled in the user name field and submitted the registration, and no illegal-character prompt appeared. After registration was complete, clicking on the profile data showed that the page was distorted. Filling the same thing into several other fields, such as country and gender, produced the same problem, and the page became unreadable. So I switched to another site; this time submitting gave an illegal-character prompt, so it seems that site already filters <, > and other HTML script characters. Fine, we switch to the ASCII code replacements &#60; and &#62; instead and submit again: the same page deformation appears, so the illegal-character filtering is not complete. Worse still, I found a site whose Name field had no length limit and filtered no illegal characters at all; if I submitted malicious code there, what would stop it?
Simple script attacks with HTML-formatted code must be filtered properly; some of the sites above have not even got that far, let alone UBB. Now let's focus on the problem of UBB filtering vulnerabilities. UBB is a set of format markers that forums use in place of HTML editing; for example [b][/b] stands in for <b> in HTML. This substitution, however, is the best place to build a cross-site scripting attack. I tested an ASP message board and the code of a complete portal program:
Primary problem: [url] filtering. When submitting, the code can build an onmouseover carrying malicious code, and once onmouseover works, what can't be done? Some programs convert [url]s2[/url] directly into <a href="s2" target=_blank>s2</a>. Seeing this conversion, we can use the corresponding ASCII code &#34; in place of ", submit one more ", and then build the onmouseover on top of it. The consequences? You know! :P
[img] filtering: this really is a long-standing problem. Long ago the [img] script attack was a fad, and in this test many sites still have the vulnerability. Some programs do not filter at all; in particular, a number of sites offering free message boards have this problem. Below we focus on the [img] tag problem:
Very simply, [img]javascript:alert();[/img] is converted into <img src="javascript:alert();">. Here you can see javascript:alert() being activated by the <img src=""> tag; the effect is a pop-up dialog box showing whatever you put inside the (), for example document.cookie, hehe. Most people should know what that does. Going further, you can write a whole web page with the document.write() function. Write what? Malicious code, of course, e.g. [img]javascript:document.write();[/img]: put whatever you want inside the (), write whatever you want, and the more you think about it the more dangerous it gets.
Advanced issues: because the primary [img] problem was harassing so many sites, they started filtering sensitive strings. For example the sequences "ja", "do" and "wr" are broken up into "j a", "d o", "w r" after submission, or the words java, document and so on are filtered out. These measures only defeat a small number of people; we can still use ASCII codes instead. Some may be puzzled that the replaced code still does not display properly, so let's go through a complete example here.
A site's UBB filter code snippet is as follows:
<%
' Article's UBB filter snippet with its syntax repaired; the Replace() calls it describes are not on the page
Function code_ss(strers)
    Dim strer: strer = strers
    If strer = "" Or IsNull(strer) Then code_ss = "": Exit Function
    code_ss = strer ' keyword and punctuation Replace() calls belong here
End Function
%>
Friends who understand ASP can see that the code above filters and replaces javascript, jscript:, js:, about:, value, document., onmouse, OnExit and similar statements, and also replaces some special characters: ".", ";", "(", ")" and "[" are replaced with whatever sits between the quotes in the Replace call. Looking at the code carefully, we find its filtering is not as complete as one might think. Submit: [mg]& #176 & #93 & #118 & #97 & #115 & #79rip & #106 & # 57documen& #115 & #76write & #30 & #29哈哈又被黑了 & #29 & #61 & #29 [/MG] Code like this enables more advanced script attacks. NOTE: because many sites still have this problem, the code has been modified so that it cannot be used as an attack.
Open your FT2000 and, in text editing mode, you can find the ASCII code of any special character. For example the semicolon ; can be replaced with &#59 and the period . with &#46. Submitting the code in this form, sure enough, the whole filtering mechanism is almost completely ineffective; it had no defensive effect at all.
Looking at the attack methods above, doesn't it feel depressing? How can the problems above be avoided?
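The two converters below are an added example and not code from the article or from any of the boards it tested. The first imitates the keyword blacklist the article quotes, and the second shows the fix the article is pointing at: decode character references before checking the URL, allow only http/https, and escape the value that goes into the attribute. The sample posts are constructed and cover the [url] quote breakout and the [img] char-ref bypass described above.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample posts (not from the article), one per case it describes.
POSTS = [
    "[img]http://example.invalid/a.png[/img]",                 # benign
    "[img]javascript:alert(1)[/img]",                          # plain [img] script URL
    "[img]&#106avascript&#58alert(1)[/img]",                   # keyword hidden as char refs
    '[url]http://example.invalid/" onmouseover="x[/url]',      # quote breaks out of href
]

def blacklist_filter(text):
    """Keyword blacklist of the kind the article quotes: strip words, then convert tags."""
    for bad in ("javascript", "document.", "onmouse"):
        text = re.sub(re.escape(bad), "", text, flags=re.I)
    text = re.sub(r"\[img\](.*?)\[/img\]", r'<img src="\1">', text, flags=re.I | re.S)
    text = re.sub(r"\[url\](.*?)\[/url\]", r'<a href="\1" target="_blank">\1</a>',
                  text, flags=re.I | re.S)
    return text

def safe_url(raw):
    """Decode char refs first, then allow only http/https; return an attribute-safe value."""
    url = html.unescape(raw).strip()
    url = "".join(ch for ch in url if ch.isprintable())    # drop tab/newline splitting tricks
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        return None
    if scheme not in ("http", "https"):
        return None
    return html.escape(url, quote=True)                     # a literal " cannot end the attribute
TAG_RE = re.compile(r"\[(img|url)\](.*?)\[/\1\]", re.I | re.S)

def render_bbcode(text):
    """Hardened converter: surrounding text is escaped; tags emit only validated URLs."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))
        url = safe_url(m.group(2))
        if url is None:
            out.append(html.escape(m.group(0), quote=True))   # rejected tag shown as literal text
        elif m.group(1).lower() == "img":
            out.append('<img src="%s">' % url)
        else:
            out.append('<a href="%s" target="_blank" rel="noopener">%s</a>' % (url, url))
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)
```

Running blacklist_filter on the third post emits the char refs untouched inside src, which the browser decodes back into a script URL, while render_bbcode rejects it and shows the tag as text.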
1. If your site runs forums, message boards or other programs that accept formatted submissions and they have no good filtering mechanism, download the upgrade immediately or stop using them, to avoid causing bigger problems.
2. Sites that provide free forums or free message boards should switch the UBB format off, or find a better ubb.asp page to do the parsing.
3. For friends who can write ASP, I suggest filtering the following characters (all written inside [], with | as the separator):
["|.|;|:| \|/|&|$|#| ' |) |,| ' | | -|~| [| (||]
4. Some sites should consider removing surplus message boards and other programs that accept submissions. For example, the guestbook originally used by www.sangel.net, a program of unknown origin, had quite a few problems; it is recommended to replace it.
5. I have also modified a foreign message board; the front end is basically done and the back end will catch up over the next few days. After the modification, filtering is applied to text submissions, input fields and the messages themselves. I originally intended to use an English interface, but since many people cannot read English, part of the program is still in Chinese. Interested friends can try it at http://www.e3i5.com/guestbook/test. Good-faith testing is welcome.
The following are the addresses of some of the sites whose message boards showed problems in my test (webmasters, please pay attention and patch in time to avoid unnecessary trouble). The testing time was fairly short, so some sites may have been missed, and there may be more serious problems.
That is the full content of this script attack test. Looking at all these sites, those that look safe really do not bear a second look; there are many problems.
Although only a small effort is needed to solve the problem, a little carelessness can cause big trouble.