How does a website prevent "Upload Vulnerability" intrusion?

Source: Internet
Author: User

"Upload Vulnerability" intrusion is currently the most widely used method for website intrusion. 90% of websites with upload pages have the Upload Vulnerability. This article describes common upload vulnerabilities and their defense skills.
I. vulnerability in direct upload of asp files
If a website has an upload page, you must be cautious about the asp File Upload Vulnerability. For example, the popular 5.0/6.0 forum last year has an upfile. asp uploads a page. This page does not strictly filter the file extension. As a result, hackers can directly upload asp files. Therefore, hackers only need to open upfile. asp page, directly upload, asp Trojan can get webshell, has the website administrator control.
In addition, the existing upload vulnerabilities include dynamic shopping mall, dynamic upload vulnerability, and Qiao ke Upload Vulnerability. If you run "mingkiddomain3.5", click "Comprehensive upload ", you can see these famous upload vulnerabilities.
There are still many tools for exploiting upload vulnerabilities, such as the Upload Vulnerability program 4in1, mobile 2005, leichi news system, and MSSQL, to use this tool, you only need to enter the website address and Cookies of the upload page to successfully intrude into the website.
[Defense method]: to prevent such vulnerabilities, it is recommended that the website use the latest version (for example, the mobile network version 7.1 or later) to build a website, because the latest version of the program generally does not have a direct upload vulnerability, of course, deleting a vulnerable upload page will be the safest, so that hackers can no longer exploit the Upload Vulnerability to intrude into the page!
If the upload page cannot be deleted, we recommend that you add security code to the upload program to prevent the upload of files such as asp, asa, js, exe, and com, this requires managers to understand asp programs.
Ii. 00 Upload Vulnerability
This vulnerability exists in all the currently popular online component-less upload classes-that is, hackers use "packet capture sniffing", "ULTRAEDIT", "Network army knife" and other tools to forge IP packets, break through the server's judgment on the file name and path to upload Trojans of ASP, ASA, CGI, CDX, CER, and ASPX types.
For example, if a trojan file (xiaomm.aspspace .jpg) is uploaded to a hacker, xiaomm is found once the upload program cannot contain sixteen bytes of file name data. there is a space after asp (00 in hexadecimal format), and it will not read any more, so the uploaded files will be saved as xiaomm on the server. asp, so the upload Trojan is successful!
[Precaution]: the safest precaution is to delete the upload page.
Iii. Image Trojan Upload Vulnerability
Some websites (such as the mobile network 7.1SP1 blog function) can recover/back up databases in the background management, which is used by hackers to intrude on image Trojans.
The image Trojan intrusion process is as follows: first, change the local Trojan (for example, F: \ labxw \ xiaomm.asp;extension name to .gif, then open the upload page, and upload the Trojan (for example, F: \ labxw \ trojan). asp Trojan (for example, xiaomm. asp), that is, in "backup database path (relative)", enter the path obtained after the image is uploaded. In "target database path", enter xiaomm. asp: indicates that the database is successfully restored. Open IE and enter the asp path of the database to run the Trojan.
[Precaution]: Delete the recovery/backup database function in the background management.
Iv. Add upload type Vulnerability
Currently, the upload type can be added to the background of most forums, which is a major vulnerability! As long as the hacker uses the injection method to get the password of the background Administrator account, and then adds the upload type to the background, the Trojan can be uploaded directly on the upload page!
For example, you can add the asa | asP type in the bbsxp background. After adding an operation, you can upload these two types of files. The ewebeditor background can also add the asa type, after adding the file, you can directly upload the Trojan with the asa suffix. The LeadBbs3.14 background also allows adding the asp type to the upload type. However, there must be a space after adding the file asp, then, you can upload the ASP Trojan (with the trojan file extension. add a space after asp ).
[Prevention method]: Delete the upload type function in background management.
5. General Protection against Upload Vulnerability intrusion tips: Rename Server Components
As we all know, ASP Trojans mainly use FileSystemObject and WScript. shell and Shell. therefore, as long as you modify the Registry on the server and change the name of these three components, you can disable Trojan Horse operation and prevent hacker intrusion. This action can prevent all types of upload vulnerabilities, because even if a hacker successfully uploads a Trojan to the server, the trojan cannot run because the component has been renamed!
Attackers can prevent vulnerability upload attacks.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.