Source: http://zhengj3.blog.51cto.com/6106/290724
This repair task is designed to handle the following security issues:
[1] Blind SQL Injection
[2] SQL Injection
[3] XPath Injection
[4] Database error patterns found
[5] Cross-Site Scripting
[6] Authentication Bypass Using SQL Injection
[7] HTTP Response Splitting
[8] Link Injection (facilitating Cross-Site Request Forgery)
Details
The remedy for several of these problems is to sanitize user input. By verifying that user input contains no dangerous characters, you can prevent malicious users from making the application perform unintended actions, such as executing arbitrary SQL queries, embedding JavaScript code that runs on the client, or running arbitrary operating system commands. We recommend filtering out all of the following characters:
[1] | (vertical bar)
[2] & (ampersand)
[3] ; (semicolon)
[4] $ (dollar sign)
[5] % (percent sign)
[6] @ (at sign)
[7] ' (single quote)
[8] " (double quote)
[9] \' (backslash-escaped single quote)
[10] \" (backslash-escaped double quote)
[11] <> (angle brackets)
[12] () (parentheses)
[13] + (plus sign)
[14] CR (carriage return, ASCII 0x0d)
[15] LF (line feed, ASCII 0x0a)
[16] , (comma)
[17] \ (backslash)
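As an added example (not code from the original post), the following Python implements the character filter listed above as a reject-list check, together with the positive (allowlist) check a practitioner would normally place in front of it. The function names and the username rule are my own choices.

```python
# Added example, not from the original post.
# Reject-list check for the 17 characters listed above, plus an allowlist
# check for a field whose expected content is known (a username here).
import re

# The listed characters as one string. CR and LF are the raw control
# characters; the backslash-escaped quotes are covered because the
# backslash itself is on the list.
DANGEROUS_CHARS = "|&;$%@'\"<>()+\r\n,\\"


def find_dangerous_chars(value: str) -> list[str]:
    """Return the distinct listed characters found in value, in order of first appearance."""
    found = []
    for ch in value:
        if ch in DANGEROUS_CHARS and ch not in found:
            found.append(ch)
    return found


def is_clean(value: str) -> bool:
    """True when none of the listed characters is present."""
    return not find_dangerous_chars(value)


# Positive validation: accept only what the field is expected to contain.
# The rule below (1-32 chars of letters, digits, '_', '.', '-') is an assumption
# for the demo, not a rule from the post.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["alice", "bob.smith", "O'Neil", "<b>hi</b>", "a\r\nb;c"]:
        print(repr(sample), find_dangerous_chars(sample), is_valid_username(sample))
```

Note that the reject list also blocks legitimate values such as the surname O'Neil, which is why the context-specific remedies in the sections below (parameterized queries, output encoding) are the primary defence and this filter is a secondary one.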
The following sections describe the remediation suggestions for each problem and the dangerous characters that may trigger it.
SQL Injection and Blind SQL Injection:
A. Make sure that the values and types (such as Integer and Date) entered by the user are valid and meet application expectations.
B. Use stored procedures to abstract data access so that users do not access tables or views directly. When using stored procedures, call them through the ADO Command object so that variable typing is enforced.
C. Sanitize the input to exclude context-changing symbols, for example:
[1] ' (single quote)
[2] " (double quote)
[3] \' (backslash-escaped single quote)
[4] \" (backslash-escaped double quote)
[5] ) (closing bracket)
[6] ; (semicolon)
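As an added example (not code from the original post), the following Python shows remedies A and C above with the standard-library sqlite3 module: type validation of the user's values, a concatenated query in which the listed context-changing characters rewrite the statement, and the parameterized form in which the same characters are treated as data. The table, sample rows and function names are constructed for the demo; remedy B (stored procedures) is not shown because SQLite has none.

```python
# Added example, not from the original post. Constructed sample data.
import sqlite3
from datetime import date


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, birth TEXT)")
    con.executemany("INSERT INTO users (name, birth) VALUES (?, ?)",
                    [("alice", "1990-01-01"), ("bob", "1985-06-15")])
    return con


# A. Validate value and type before the data layer sees the input.
def parse_user_id(raw: str) -> int:
    uid = int(raw)  # raises ValueError for anything that is not an integer
    if uid <= 0:
        raise ValueError("user id must be positive")
    return uid


def parse_birth(raw: str) -> date:
    return date.fromisoformat(raw)  # raises ValueError unless YYYY-MM-DD


# Vulnerable: string concatenation lets a quote, closing bracket or
# semicolon in the value change the SQL context.
def find_by_name_unsafe(con: sqlite3.Connection, name: str) -> list:
    return con.execute("SELECT id, name FROM users WHERE name = '" + name + "'").fetchall()


# Parameterized: the value never becomes part of the SQL text, so the
# same characters are matched literally.
def find_by_name_safe(con: sqlite3.Connection, name: str) -> list:
    return con.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def find_by_id(con: sqlite3.Connection, raw_id: str) -> list:
    """A and C combined: typed value, bound as a parameter."""
    return con.execute("SELECT id, name FROM users WHERE id = ?", (parse_user_id(raw_id),)).fetchall()


if __name__ == "__main__":
    con = make_db()
    print(find_by_name_safe(con, "alice"))        # [(1, 'alice')]
    print(find_by_name_safe(con, "' OR '1'='1"))  # []  -> treated as a literal name
    print(find_by_name_unsafe(con, "' OR '1'='1"))  # both rows: the WHERE clause was rewritten
```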
Cross-Site Scripting: A. Sanitize user input and filter out JavaScript code. We recommend filtering out the following characters:
[1] <> (angle brackets)
[2] " (double quote)
[3] ' (single quote)
[4] % (percent sign)
[5] ; (semicolon)
[6] () (parentheses)
[7] & (ampersand)
[8] + (plus sign)
B. To fix the <%00script> variant, refer to MS Article 821349.
C. For UTF-7 attacks: if possible, explicitly specify the character set using the Content-Type header or the <meta> tag.
HTTP Response Splitting: Sanitize user input (at least the input that is later embedded in the HTTP response). Make sure that the input does not contain malicious characters such as:
[1] CR (carriage return, ASCII 0x0d)
[2] LF (line feed, ASCII 0x0a)
Remote Command Execution: Sanitize input to exclude symbols that are meaningful to operating-system command execution, for example:
[1] | (vertical bar)
[2] & (ampersand)
[3] ; (semicolon)
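For the Cross-Site Scripting section above, here is an added example (not code from the original post) of the complementary output-side control: encoding the listed characters according to the context in which the value is written, and sending the explicit charset recommended for the UTF-7 case. Function names and the page fragment are my own.

```python
# Added example, not from the original post.
import html
import json


def encode_html_text(value: str) -> str:
    """For text between tags or inside a quoted attribute: < > & " ' become entities."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """For a value placed inside a <script> string literal.

    json.dumps escapes quotes and backslashes. The extra replacements stop
    '</script>' and the other HTML-special characters from being seen by the
    HTML parser, which runs before the JavaScript parser.
    """
    s = json.dumps(value)
    return s.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def content_type_header(charset: str = "utf-8") -> tuple[str, str]:
    """Declare the charset explicitly so the browser cannot guess one (e.g. UTF-7)."""
    return ("Content-Type", f"text/html; charset={charset}")


def render_greeting(name: str) -> str:
    """Constructed page fragment that writes the same value into both contexts."""
    return (f"<p>Hello, {encode_html_text(name)}</p>\n"
            f"<script>var who = {encode_js_string(name)};</script>")


if __name__ == "__main__":
    print(content_type_header())
    print(render_greeting("O'Neil & <friends>"))
```

Unlike the input filter, output encoding keeps characters such as the apostrophe in O'Neil and renders them harmless, which is why it is the standard fix for reflected output.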
Running shell commands: A. Never pass unchecked user input to Perl functions such as eval(), open(), sysopen(), and system(). B. Ensure that the input does not contain malicious characters such as:
[1] $ (dollar sign)
[2] % (percent sign)
[3] @ (at symbol)
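As an added example (not code from the original post), the following Python shows how the two command-execution sections above translate into practice: the user-supplied value is checked against the listed shell metacharacters and a positive filename rule, and the command is then run as an argument vector without a shell, so no metacharacter is ever interpreted. The filename rule, the choice of `wc` and the function names are my own.

```python
# Added example, not from the original post.
import re
import subprocess

# The characters named in the Remote Command Execution and shell-command
# sections: | & ; $ % @
SHELL_META = set("|&;$%@")

# Positive rule (assumption for the demo): a plain relative filename that
# cannot start with '-' or '.', so it can never be read as an option.
FILENAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")


def has_shell_metachars(value: str) -> bool:
    return any(ch in SHELL_META for ch in value)


def build_wc_argv(filename: str) -> list[str]:
    """Validate the input, then build an argv list for subprocess.

    Passing a list with shell=False means the operating system receives the
    filename as one argument; '--' additionally ends option parsing.
    """
    if not FILENAME_RE.fullmatch(filename) or has_shell_metachars(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return ["wc", "-l", "--", filename]


def count_lines(filename: str) -> str:
    """Run the command without a shell and return its trimmed output."""
    result = subprocess.run(build_wc_argv(filename), shell=False,
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    print(build_wc_argv("report.txt"))
    for bad in ["a;b", "x|y", "-r", "$HOME"]:
        try:
            build_wc_argv(bad)
        except ValueError as exc:
            print(exc)
```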
XPath Injection: Sanitize input to exclude context-changing symbols, for example:
[1] ' (single quote)
[2] " (double quote)
and so on.
LDAP Injection: A. Use positive validation. Alphanumeric filtering (A-Z, a-z, 0-9) is suitable for most LDAP queries. B. Special LDAP characters that should be filtered out or escaped:
[1] a space or "#" character at the start of the string
[2] a space character at the end of the string
[3] , (comma)
[4] + (plus sign)
[5] " (double quote)
[6] \ (backslash)
[7] <> (angle brackets)
[8] ; (semicolon)
[9] () (parentheses)
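As an added example (not code from the original post), the following Python implements remedy A as an alphanumeric check and remedy B as escaping for the two places user input reaches LDAP: a distinguished-name value, where the leading/trailing space, "#", comma, plus, quote, backslash, angle-bracket and semicolon rules above are the RFC 4514 rules, and a search filter, where parentheses (and the wildcard "*") are the characters that matter under RFC 4515. Function names are my own.

```python
# Added example, not from the original post.
import re

ALNUM_RE = re.compile(r"^[A-Za-z0-9]+$")


def is_alnum(value: str) -> bool:
    """Positive validation: letters and digits only."""
    return ALNUM_RE.fullmatch(value) is not None


def escape_dn_value(value: str) -> str:
    """Escape a value used inside a DN such as cn=<value>,ou=people,... (RFC 4514)."""
    escaped = ["\\" + ch if ch in ',+"\\<>;' else ch for ch in value]
    # A leading space or '#' and a trailing space would otherwise be dropped
    # or change the meaning of the attribute value.
    if escaped and escaped[0] in (" ", "#"):
        escaped[0] = "\\" + escaped[0]
    if len(escaped) > 1 and escaped[-1] == " ":
        escaped[-1] = "\\ "
    return "".join(escaped)


# RFC 4515 filter escaping uses backslash + two hex digits.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value used inside a search filter such as (uid=<value>)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter(uid: str) -> str:
    """Build the filter; with escaping, a parenthesis in uid cannot close or open a clause."""
    return f"(uid={escape_filter_value(uid)})"


if __name__ == "__main__":
    print(escape_dn_value("Smith, John"))
    print(escape_dn_value(" #x "))
    print(build_uid_filter("jdoe"))
    print(build_uid_filter("*)(uid=*"))
```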
MX Injection: Special MX characters should be filtered out:
[1] CR (carriage return, ASCII 0x0d)
[2] LF (line feed, ASCII 0x0a)
Log Forging: Special log-record characters should be filtered out:
[1] CR (carriage return, ASCII 0x0d)
[2] LF (line feed, ASCII 0x0a)
[3] BS (backspace, ASCII 0x08)
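The HTTP Response Splitting, MX Injection and Log Forging sections above all turn on the same two characters, so here is one added example (not code from the original post) that applies the check to all three: header values are rejected outright, because CR or LF in a header is never legitimate, while log fields are neutralised so the event is still recorded on a single line, with the backspace handled as well. Function names and sample values are my own.

```python
# Added example, not from the original post.
HEADER_BREAKERS = {"\r", "\n"}        # HTTP response splitting / MX injection
LOG_BREAKERS = {"\r", "\n", "\x08"}   # log forging adds backspace


class UnsafeHeaderValue(ValueError):
    pass


def set_header(headers: dict, name: str, value: str) -> dict:
    """Add an HTTP response header, refusing any name or value that would start a new line."""
    if any(ch in HEADER_BREAKERS for ch in name + value):
        raise UnsafeHeaderValue(f"CR/LF in header {name!r}")
    headers[name] = value
    return headers


def mail_header(name: str, value: str) -> str:
    """Same rule for an SMTP header line such as To: or Subject:."""
    if any(ch in HEADER_BREAKERS for ch in value):
        raise UnsafeHeaderValue(f"CR/LF in mail header {name!r}")
    return f"{name}: {value}"


def sanitize_log_field(value: str) -> str:
    """Make the three listed characters visible instead of letting them edit the log."""
    return "".join({"\r": "\\r", "\n": "\\n", "\x08": "\\b"}.get(ch, ch) for ch in value)


def log_line(user: str, action: str) -> str:
    return f"user={sanitize_log_field(user)} action={sanitize_log_field(action)}"


if __name__ == "__main__":
    print(set_header({}, "Location", "/home"))
    try:
        set_header({}, "Location", "/home\r\nX-Injected: 1")  # constructed bad value
    except UnsafeHeaderValue as exc:
        print("rejected:", exc)
    print(log_line("bob\r\nuser=admin action=login", "login"))
```

A redirect target taken from a query parameter is the usual place the header case appears; the same test should sit in front of any header set from user data.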
ORM Injection: A. Ensure that the values and types (such as Integer and Date) entered by the user are valid and meet application expectations. B. Use stored procedures to abstract data access so that users do not access tables or views directly. C. Use parameterized query APIs. D. Sanitize the input to exclude context-changing symbols, for example (*):
[1] ' (single quote)
[2] " (double quote)
[3] \' (backslash-escaped single quote)
[4] \" (backslash-escaped double quote)
[5] ) (closing bracket)
[6] ; (semicolon)
(*) This applies to SQL. Higher-level query languages may require different sanitization mechanisms.