SQL Server: protecting database tables against JS Trojan injection — what to do.

Source: Internet
Author: User
Tags servervariables
The main symptom of this kind of injection in an MSSQL-backed website is that a snippet such as `<script src="http://aaa.bbb.ccc/js.js"></script>` has been appended to database fields — a typical database-level JS injection. The main cause is that an attacker obtained read/write access to SQL Server (typically through an SQL injection flaw in the site) and wrote to the database directly. Solution for SQL Server 2000:

MSSQL website project isInjectionIs as follows:DatabaseAdded", System. Text. RegularExpressions. RegexOptions. IgnoreCase );
Html = regex. Replace (html, ""); // filter the script mark

System. text. regularExpressions. regex regex1 = new System. text. regularExpressions. regex (@ "href * = * [\ s \ S] * script *:", System. text. regularExpressions. regexOptions. ignoreCase );

Html = regex1.Replace (html, ""); // filter href = javascript: () attributes

System. text. regularExpressions. regex regex2 = new System. text. regularExpressions. regex (@ "on [\ s \ S] * =", System. text. regularExpressions. regexOptions. ignoreCase );

Html = regex2.Replace (html, "_ disibledevent ="); // filter events of other controls.

System. Text. RegularExpressions. Regex regex3 = new System. Text. RegularExpressions. Regex (@" ", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex3.Replace (html, ""); // filter iframe

System. Text. RegularExpressions. Regex regex4 = new System. Text. RegularExpressions. Regex (@" ", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex4.Replace (html, ""); // filter frameset

System. Text. RegularExpressions. Regex regex5 = new System. Text. RegularExpressions. Regex (@ "javascript:", System. Text. RegularExpressions. RegexOptions. IgnoreCase );
Html = regex5.Replace (html, ""); // filter all javascript

System. Text. RegularExpressions. Regex regex6 = new System. Text. RegularExpressions. Regex (@ ": * expression", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex6.Replace (html, ""); // filter all javascript

System. Text. RegularExpressions. Regex regex7 = new System. Text. RegularExpressions. Regex (@" ", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex7.Replace (html ,"");//

System. text. regularExpressions. regex regex8 = new System. text. regularExpressions. regex (@ "src * = * [\ s \ S] * script *:", System. text. regularExpressions. regexOptions. ignoreCase );

Html = regex1.Replace (html, ""); // filter src = javascript :( ) Attribute
System. Text. RegularExpressions. Regex regex9 = new System. Text. RegularExpressions. Regex (@ "", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex3.Replace (html, ""); // filter the applet and discard the support for the applet
Return html;

}
# Endregion

2. Stripping SQL Server keywords out of strings (a keyword blacklist — easily bypassed and no substitute for parameterized queries)

Code


// Delete andDatabaseRelated Words
Htmlstring = Regex. Replace (Htmlstring, "select", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "insert", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "delete from", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "count'' "," ", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "drop table", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "truncate", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "asc", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "mid", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "char", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "xp_mongoshell", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "exec master", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "net localgroup administrators", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "and", "", RegexOptions. IgnoreCase );

3. Filtering SQL Server keywords out of passed request values (query string and form) in Application_BeginRequest

Code

Protectedvoid Application_BeginRequest (Object sender, EventArgs e)
{
// SQL defenseInjection
String SQL _1 = "exec | insert + | select + | delete + | update + | count | chr | mid | master + | truncate | char | declare | drop + table | creat + | creat + table ";
String SQL _2 = "exec + | insert + | delete + | update + | count (| count + | chr + | + mid (| + mid + | + master + | truncate + | char + | + char (| declare + | drop + | creat + | drop + table | creat + table ";
String [] SQL _c = SQL _1.Split ('| ');
String [] SQL _c1 = SQL _2.Split ('| ');
If (Request. QueryString! = Null)
{
Foreach (string sl in SQL _c)
{
If (Request. QueryString. ToString (). ToLower (). IndexOf (sl. Trim ()> = 0)
{
Response. Write ("warning! Your IP address has been recorded! Do not use sensitive characters! ");//
Response. Write (sl );
Response. Write (Request. QueryString. ToString ());
Response. End ();
Break;
}
}
}
If (Request. Form. Count> 0)
{
String s1 = Request. ServerVariables ["SERVER_NAME"]. Trim (); // server name
If (Request. ServerVariables ["HTTP_REFERER"]! = Null)
{
String s2 = Request. ServerVariables ["HTTP_REFERER"]. Trim (); // name received by http
String s3 = "";
If (s1.Length> (s2.Length-7 ))
{
S3 = s2.Substring (7 );
}
Else
{
S3 = s2.Substring (7, s1.Length );
}
If (s3! = S1)
{
Response. Write ("warning! Your IP address has been recorded! Do not use sensitive characters! ");//
Response. End ();
}
}
}
}

4. Attackers reading the database connection string from web.config

Solution: encrypt the connectionStrings section of web.config.

Encrypting web.config under ASP.NET 2.0:

aspnet_regiis -pe "connectionStrings" -app "/xx" (where /xx is the application's virtual path in IIS)

Decryption: aspnet_regiis -pd "connectionStrings" -app "/xx"



After encryption, the connectionStrings section of web.config looks like this (illustration missing from this copy):


After decryption:



The application reads the encrypted web.config transparently, but encryption and decryption must be performed on the same machine: a web.config encrypted on machine A can be decrypted only on machine A, because the default protection provider uses a machine-specific RSA key container. To deploy the encrypted file to another server, export the key container with `aspnet_regiis -px` and import it on the target with `aspnet_regiis -pi` before the application starts.

These are the measures we have come up with so far; we will keep improving them as new problems appear. Corrections from colleagues are welcome.
