Plug Web Vulnerability (in)

Source: Internet
Author: User
Tags file copy html tags mdb database access database ntfs permissions
Web other error


In addition, there are other errors that are difficult to categorize, such as "non-1 or 0", which leads to bypassing the authentication problem.





9.2.3 Common CGI vulnerability detection Tool





1.Twwwscan





This tool is faster, and can use the parameters of the Windows System and UNIX system scanning, not using a graphical interface, simpler;





2.Cis





is a graphical compact scanning tool, mainly for Windows system design, the detection of CGI problems have a more detailed description, conducive to the use, analysis and resolution of vulnerabilities;





3.Voideye





graphics interface To do more fancy, you can check the CGI problem more, but not too accurate.





4.Webscan





inspection of a variety of special, as if there are 300 fishes, can provide HTML format report, set up a number of following attacks, these tools just check the server is not the link exists, if there is, it will report the existence of loopholes, of course there will be many false positives, tools are dead, people are alive, It takes a little time to familiarize yourself with these tools.





9.2.4 How to make your CGI more secure





understand CGI security issues, we should also know how to enhance the security of CGI, right? Here's a quick summary for reference:





1. Use the latest version of the Web server, install the latest patches, properly configure the server;





2. Follow the Help file to properly install the CGI program, delete unnecessary installation files and temporary files;





3. Use a secure function when writing a CGI program using C;





4. Use a secure and effective method of authenticating a user's identity;





5. Verify the source of the user, prevent the user too much action in a short time;





6. Recommended Filtration "&; ' \ ' | * ? ~ < > ^ () [] {} $ \ r \ n \ t # ... /;





7. Take care of the accident;





8. Develop a safe and reasonable strategy when implementing functions;





9. To cultivate good programming habits;





10. Scientific and rigorous academic attitude, avoid the mistake of "take for granted";




Safety
of
9.3asp




ASP (Active Server Page), an important web technology. The advent of the Internet has brought new vitality, it in an unprecedented way to deal with the browser and server interaction through the built-in objects, ADO support, WSH (through it to manage NT DOMAIN) can almost complete the traditional application can do all the work!!





ASP is a combination of HTML (Hypertext Markup Language Hypertext Identification language), script and CGI (Common Gateway Interface Common Gateways Interface), but it is more efficient than CGI, Programming is also more convenient and flexible than HTML, and program security and confidentiality are better than script. If this is your first contact with the Internet, then you may not be familiar with the above nouns, and the following are explanations of nouns and the differences between them.





HTML (hypertext Markup Language) is a Hypertext identification language in which files can be uploaded and browsed on the Internet, and users can browse them by using a Web browser tool, and the more commonly used tools include Microsoft Internet Explorer,netscape Communicator, and so on, because HTML files are made up of tags (tag), so it is more suitable for making static Web pages, moreover, because of the inherent limitations of HTML can not directly access the database, So most of the work of accessing the database relies on CGI to handle it. ASP can not only contain HTML tags, but also direct access to the database and the use of unlimited expansion of ActiveX controls, so the programming is more convenient than HTML and more flexible.





simply put, ASP is a server-side scripting environment in which users can create and run dynamic interactive Web server applications, such as interactive dynamic Web pages, including the use of HTML forms to collect and process information, upload and download, and so on, Just as users are using their own CGI programs. But he's simpler than CGI. More importantly, the ActiveX technology used by ASP is based on an open design environment in which users can define and make components to join and make their dynamic web pages almost limitless, which is far less than traditional CGI programs. The advantage of using ASP is that the ASP can access the database easily using ADO (Active data Object, a new Microsoft Data access model, similar to DAO), making it possible to develop a WWW based application system.





9.3.1asp Vulnerability Analysis and solution





ASP vulnerabilities have been very few, want to find the actual location of the database is not simple, but this does not mean that the hacker can not enter, it is this view, the general programmer often forget to carefully check whether there is a loophole, so it is possible to cause the site data stolen events occur.





ASP contains a security vulnerability, that is, in the/site/eg/source.asp with the software sales of the sample program, the contents of which teach users how to the server in this directory at random to write files. The solution to this vulnerability is to recommend removing the sample programs provided by All software.





1.code.asp file will leak ASP code





for a very simple example, there is an. asp file in the Microsoft-provided ASP1.0 routines that are designed to view the source code for other. asp files, which is aspsamp/samples/code.asp. If someone uploads the program to the server and the server does not have any precautions, he can easily view other people's programs. For example:





code.asp source=/directory/file.asp





But this is a relatively old loophole, I believe it is very rare to have such a loophole.





The following command is relatively new:





http://someurl/iissamples/exair/howitworks/code.asp/lunwen/soushuo.asp=xxx.asp




The biggest harm of
is that the ASP file can be read by the above way, and the database password is exposed to the hacker in clear form;





problem resolution or suggestion:





for an ASP program file with the show ASP code from IIS, delete the file or disallow access to the directory.





2.filesystemobject Components tamper with the vulnerability to download any file on a FAT partition





IIS3, IIS4 ASP file operations can be implemented through the FileSystemObject, including text files read and write directory operations, file copy renamed Delete, but this powerful feature also left a very dangerous "back door." Using Filesystemobjet, you can tamper with downloading any file on a FAT partition. Even NTFS partitions, if the permissions are not set, can also be destroyed, inadvertently you may suffer from "extinction." Unfortunately, a lot of webmaster only know that the Web server is running, the NTFS permissions are rarely set, and the default settings for NT directory permissions are unsafe and terrible. Therefore, if you are a webmaster, it is recommended that you pay close attention to the server settings, as much as possible to build the Web directory on the NTFS partition, the directory does not set everyone Full control, even the members of the Administrators group generally do not need to control, As long as there is read, change permissions is sufficient. You can also delete or rename the FileSystemObject components.





3. Entering standard HTML statements or JavaScript statements can change the output





what is the result of entering a standard HTML statement in an input box?





such as a message book, our message content input:





<font size=10> Hello! </font>





If your ASP program does not block HTML statements, you will change the size of the "Hello" font. Changing the font size and texture in the message book is sometimes not a bad thing, but it can make the message lively. But if you write a dead loop of JavaScript in the input box, for example: <a herf= "Http://someurl" onmouseover= "while (1)" > Mega News </a>





so other guests who view the message simply move the mouse to "Mega News", which causes the user's browser to die in a dead loop.





Solutions and Recommendations:





When writing similar programs, you should take precautions against such operations, such as writing a program to judge the input of the client and masking all HTML and Javascrip.





4.Access MDB database may be downloaded vulnerabilities





Problem Description:





when using Access as a background database, if someone knows or guesses the path and database name of the server's Access database in various ways, it is very dangerous to be able to download the Access database file. For example: If you have Access database Book.mdb placed in the virtual directory under the database directory, then someone in the browser input:





http://Someurl/database/book.mdb





If your Book.mdb database is not encrypted beforehand, all the important data in Book.mdb is in the hands of others.





Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.