Guard against scripting intrusion, are you ready to do it?

Source: Internet
Author: User
Tags: filter, SQL injection, SQL injection attack
As network administrators, many of us are also responsible for developing and maintaining the company's Web site. Most of us are fairly proficient in Web development, but how to write secure script code, and how intruders use the Web to penetrate a server, may not be so clear. Many people mistakenly believe that because the server sits behind a hardware firewall with only port 80 open, there can be no network security problem. Below I introduce some of the more common script attack methods so that you can find ways to guard against them and improve the security of your server.

  1. Simple scripting attacks

This kind of attack works because the Web program does not strictly filter special characters. Although it is not a serious threat to the security of the server itself, it lets an intruder post malicious content containing HTML statements, disrupting the order of the site and damaging it. Here is an example: a Web site that does not filter special characters at user registration may be abused by troublemakers. Suppose the forum administrator's ID is webmaster; someone may then register a user name that differs from webmaster as stored but displays identically on the page. If that person also changes their other profile information to match webmaster's, it is hard to tell which of the two IDs is genuine and which is fake. Many Web sites have message boards of their own development that accept HTML in submissions, which gives a troublemaker the chance to post code that automatically pops up a window and opens a Trojan page, so that other visitors who browse the message may be infected with the Trojan. The precaution is very simple: add a filter function like the following:

<%
' Strip characters that are meaningful in HTML or SQL from a submitted string.
Function Sqlcheck(fstring)
    fstring = Replace(fstring, "'", "")     ' single quote
    fstring = Replace(fstring, """", "")    ' double quote (written """" in VBScript)
    fstring = Replace(fstring, ";", "")     ' statement separator
    fstring = Replace(fstring, "--", "")    ' SQL comment
    fstring = Replace(fstring, ",", "")
    fstring = Replace(fstring, "(", "")
    fstring = Replace(fstring, ")", "")
    fstring = Replace(fstring, "=", "")
    fstring = Replace(fstring, "%", "")     ' LIKE wildcard
    fstring = Replace(fstring, "*", "")
    fstring = Replace(fstring, "<", "")     ' HTML tag delimiters
    fstring = Replace(fstring, ">", "")
    Sqlcheck = fstring
End Function
%>

The lines fstring = Replace(fstring, "<", "") and fstring = Replace(fstring, ">", "") in the above filter function remove the "<" and ">" symbols from the submitted text so that HTML code cannot run.

  2. SQL Injection Vulnerability Attack

Also known as SQL Injection, this is a common Web attack method. It works by constructing special SQL statements that query the database, which makes it easy for an intruder to obtain a webshell and then use that webshell for further penetration, up to full administrative control of the system, so this attack is very harmful. We recommend that you scan your own site with injection tools such as NBSI and Banyan Wed+wis to see whether this vulnerability exists. There is also a special kind of SQL injection vulnerability with a very particular cause: a specially constructed SQL statement fools the code that verifies the user's identity. For example, after an intruder finds the admin login page, submitting strings such as ' or '1'='1, ' or ''=', ' or 'a'='a, " or "a"="a or ' or 1=1-- (the surrounding quotes are not part of the input) may lead directly into the back-end admin interface, which again shows how important it is to filter special characters. Another point to note: never let others learn the address of the site's back-end management page. Beyond the reason above, this also prevents intruders from brute-forcing the back-end administrator's user name and password to get into the management interface. To guard against this kind of attack, in addition to the filter function mentioned above, you should also suppress the site's error messages and configure IIS execution permissions correctly; an earlier issue of this magazine described these precautions in detail, so they are not repeated here.
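As an added example (not the article's own code), the following Python port of the Sqlcheck filter from section 1, run against a constructed in-memory SQLite user table, shows the point of both sections: how a login-bypass string quoted in section 2 succeeds against a string-concatenated query, how the filter neutralizes it, and how bound parameters and HTML encoding of message-board output achieve the same protection without deleting characters. The table, the user webmaster and its password are constructed for the demonstration.

```python
import html
import sqlite3

# Tokens the article's ASP Sqlcheck() strips; the blank entry in the
# original listing is taken here to be the double-quote character.
BLACKLIST = ["'", '"', ";", "--", ",", "(", ")", "=", "%", "*", "<", ">"]

def sqlcheck(fstring: str) -> str:
    """Python port of the article's Sqlcheck filter: delete each listed token."""
    for token in BLACKLIST:
        fstring = fstring.replace(token, "")
    return fstring

def safe_message_html(message: str) -> str:
    """Message-board output: HTML-encode rather than delete, so a user may still
    write '<' or '>' in a message, yet no tag ever reaches the browser."""
    return html.escape(message, quote=True)

def _demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the site's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pwd TEXT)")
    conn.execute("INSERT INTO users (name, pwd) VALUES ('webmaster', 'constructed-pw')")
    return conn

def login_concatenated(conn, user: str, pwd: str, use_filter: bool) -> bool:
    """Query built by string concatenation, the pattern the article warns about.
    use_filter=False is the vulnerable 'before'; True runs sqlcheck() first."""
    if use_filter:
        user, pwd = sqlcheck(user), sqlcheck(pwd)
    sql = f"SELECT id FROM users WHERE name='{user}' AND pwd='{pwd}'"
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, user: str, pwd: str) -> bool:
    """Hardened form: bound parameters keep quotes in the input as data, so the
    query stays correct without any character blacklist."""
    sql = "SELECT id FROM users WHERE name=? AND pwd=?"
    return conn.execute(sql, (user, pwd)).fetchone() is not None

if __name__ == "__main__":
    db, bypass = _demo_db(), "' or '1'='1"   # bypass string quoted in the article
    print(login_concatenated(db, "webmaster", bypass, use_filter=False))  # True
    print(login_concatenated(db, "webmaster", bypass, use_filter=True))   # False
    print(login_parameterized(db, "webmaster", bypass))                   # False
    print(safe_message_html("<b>webmaster</b>"))  # &lt;b&gt;webmaster&lt;/b&gt;
```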

  3. Attacks on whole-station systems and forums

Many sites use well-known, powerful whole-station systems and forums such as Dynamic, Joek, Dynamic Net and bbsxp. Precisely because these systems are so feature-rich, it is inevitable that their security risks are not small. Since their code can be obtained directly from the Internet, and since so many sites use them, many people study these systems for vulnerabilities, and articles about their latest loopholes appear on the Internet all the time. You are therefore advised to go regularly to the official Web sites of these systems and download the latest patches.

This article is mainly intended to raise the security awareness of the many Web program developers and to help them find ways to guard against intruders by studying some of the intrusion methods above. Please do not use any of the methods described in this article to attack others; the user bears responsibility for any loss caused by the methods in this article, and I accept no responsibility.


