SQL Server database table anti-JS Trojan injection ultimate tutorial know what to do.

Last Update:2018-06-01 Source: Internet

Author: User

Tags servervariables

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

The main manifestation of MSSQL website project injection is that scriptsrcaaa. bbb. cccjs. jsscript is added to the database field to a code similar to this. Typical JS injection for databases. The main cause is: 31. The attacker obtained the read and write permissions of SQLServer and operated the database directly for injection solution sql2000.

MSSQL website projects are injected with a piece of code like script src = http://aaa.bbb.ccc/js.js/script in the database field. Typical JS injection for databases. The main cause is: 1. Attackers obtain the read and write permissions of SQLServer and directly operate the database for injection solution sql2000.

MSSQL website project isInjectionIs as follows:DatabaseAdded", System. Text. RegularExpressions. RegexOptions. IgnoreCase );
Html = regex. Replace (html, ""); // filter the script mark

System. text. regularExpressions. regex regex1 = new System. text. regularExpressions. regex (@ "href * = * [\ s \ S] * script *:", System. text. regularExpressions. regexOptions. ignoreCase );

Html = regex1.Replace (html, ""); // filter href = javascript: () attributes

System. text. regularExpressions. regex regex2 = new System. text. regularExpressions. regex (@ "on [\ s \ S] * =", System. text. regularExpressions. regexOptions. ignoreCase );

Html = regex2.Replace (html, "_ disibledevent ="); // filter events of other controls.

System. Text. RegularExpressions. Regex regex3 = new System. Text. RegularExpressions. Regex (@" ", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex3.Replace (html, ""); // filter iframe

System. Text. RegularExpressions. Regex regex4 = new System. Text. RegularExpressions. Regex (@" ", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex4.Replace (html, ""); // filter frameset

System. Text. RegularExpressions. Regex regex5 = new System. Text. RegularExpressions. Regex (@ "javascript:", System. Text. RegularExpressions. RegexOptions. IgnoreCase );
Html = regex5.Replace (html, ""); // filter all javascript

System. Text. RegularExpressions. Regex regex6 = new System. Text. RegularExpressions. Regex (@ ": * expression", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex6.Replace (html, ""); // filter all javascript

System. Text. RegularExpressions. Regex regex7 = new System. Text. RegularExpressions. Regex (@" ", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex7.Replace (html ,"");//

System. text. regularExpressions. regex regex8 = new System. text. regularExpressions. regex (@ "src * = * [\ s \ S] * script *:", System. text. regularExpressions. regexOptions. ignoreCase );

Html = regex1.Replace (html, ""); // filter src = javascript :( ) Attribute
System. Text. RegularExpressions. Regex regex9 = new System. Text. RegularExpressions. Regex (@ "", System. Text. RegularExpressions. RegexOptions. IgnoreCase );

Html = regex3.Replace (html, ""); // filter the applet and discard the support for the applet
Return html;

}
# Endregion

2. Filter SQL Server keywords using strings

Code

// Delete andDatabaseRelated Words
Htmlstring = Regex. Replace (Htmlstring, "select", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "insert", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "delete from", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "count'' "," ", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "drop table", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "truncate", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "asc", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "mid", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "char", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "xp_mongoshell", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "exec master", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "net localgroup administrators", "", RegexOptions. IgnoreCase );
Htmlstring = Regex. Replace (Htmlstring, "and", "", RegexOptions. IgnoreCase );

3. Filter SQL Server keywords by passing value strings

Code

Protectedvoid Application_BeginRequest (Object sender, EventArgs e)
{
// SQL defenseInjection
String SQL _1 = "exec | insert + | select + | delete + | update + | count | chr | mid | master + | truncate | char | declare | drop + table | creat + | creat + table ";
String SQL _2 = "exec + | insert + | delete + | update + | count (| count + | chr + | + mid (| + mid + | + master + | truncate + | char + | + char (| declare + | drop + | creat + | drop + table | creat + table ";
String [] SQL _c = SQL _1.Split ('| ');
String [] SQL _c1 = SQL _2.Split ('| ');
If (Request. QueryString! = Null)
{
Foreach (string sl in SQL _c)
{
If (Request. QueryString. ToString (). ToLower (). IndexOf (sl. Trim ()> = 0)
{
Response. Write ("warning! Your IP address has been recorded! Do not use sensitive characters! ");//
Response. Write (sl );
Response. Write (Request. QueryString. ToString ());
Response. End ();
Break;
}
}
}
If (Request. Form. Count> 0)
{
String s1 = Request. ServerVariables ["SERVER_NAME"]. Trim (); // server name
If (Request. ServerVariables ["HTTP_REFERER"]! = Null)
{
String s2 = Request. ServerVariables ["HTTP_REFERER"]. Trim (); // name received by http
String s3 = "";
If (s1.Length> (s2.Length-7 ))
{
S3 = s2.Substring (7 );
}
Else
{
S3 = s2.Substring (7, s1.Length );
}
If (s3! = S1)
{
Response. Write ("warning! Your IP address has been recorded! Do not use sensitive characters! ");//
Response. End ();
}
}
}
}

3. Obtain the data connection string of web. config.

Solution: encrypt web. config

Asp.net 2.0 encrypted web. config

Aspnet_regiis-pe "connectionStrings"-app "/xx" (xx indicates the application name)

Decryption: aspnet_regiis-pd "connectionStrings"-app "/xx"

After encryption, web. config:

After decryption ,:

The encrypted web. config program can be normally accessed, and decryption and encryption must be performed on the same machine (web. config encrypted on machine A can be decrypted only on machine ).

This is what we can think of. there will be problems later, and we will continue to improve. Please keep your colleagues correct.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More