Once and again SQL injection, once and again a website is hacked. Are such vulnerabilities simply inevitable, with no way to solve them? This article explains the principles of SQL injection and gives some preventive methods.

I. Basics

The root cause of the vulnerability is that parameters are not completely filtered. A statement such as

    cntid = Request("cntid")

is open to injection: it never checks that the value is an integer before using it. Solution:

    <%
    Dim cntid
    ' Strip single quotes first, then require a numeric value
    cntid = Replace(Request("cntid"), "'", "")
    If Not IsNumeric(cntid) Then
        Call Error
        Response.End
    End If

    Sub Error()
        Response.Write "<table align=center width=300 border=0 cellpadding=4 cellspacing=0>"
        Response.Write "<tr>"
        Response.Write "<td colspan=2 height=15>"
        Response.Write "<div align=center>Operation: parameter error!</div>"
        Response.Write "</td>"
        Response.Write "</tr>"
        Response.Write "<tr>"
        Response.Write "<td colspan=2 height=23>"
        Response.Write "<div align=center><br>"
        Response.Write "Parameter error! The illegal request has been recorded<br>"
        Response.Write "<a href=javascript:history.go(-1)>return</a>"
        Response.Write "<br></div></td>"
        Response.Write "</tr></table></body>"
    End Sub
    %>

This is the most basic filter. If an invalid parameter is submitted, the result is as shown in figure 1.

What else needs attention? Usernames entered at registration must be filtered for special characters. Continuing the previous topic, assume the field is username:

    <%
    Dim Username, BadChars, i
    ' Strip single quotes, then reject the value if it contains any listed character
    Username = Replace(Request("username"), "'", "")
    BadChars = Array("=", "%", Chr(32), "?", "&", ";", ",", Chr(34), Chr(9), ">", "<", "$", "#", "@")
    For i = 0 To UBound(BadChars)
        If InStr(Username, BadChars(i)) > 0 Then
            Call Error
            Response.End
        End If
    Next

    Sub Error()
        Response.Write "<table align=center width=300 border=0 cellpadding=4 cellspacing=0>"
        Response.Write "<tr>"
        Response.Write "<td colspan=2 height=15>"
        Response.Write "<div align=center>Operation: the parameter is incorrect!</div>"
        Response.Write "</td>"
        Response.Write "</tr>"
        Response.Write "<tr>"
        Response.Write "<td colspan=2 height=23>"
        Response.Write "<div align=center><br>"
        Response.Write "The username contains invalid characters (= % space ? & ; , "" tab > < $ # @)<br>"
        Response.Write "<a href=javascript:history.go(-1)>return</a>"
        Response.Write "<br></div></td>"
        Response.Write "</tr></table></body>"
    End Sub
    %>

The same approach can be used to filter cookie values and script input against possible cross-site scripting.

Note the line Username = Replace(Request("username"), "'", ""): it removes every single quote from the data. The purpose is to prevent intrusions of the ' or '=' kind.

For a URL such as www.xx.com/list.asp?action=search, the parameter can be handled like this:

    <%
    Dim action
    action = Request("action")
    Select Case action
        Case "search"
            Call search()
        Case Else
            Call search()
    End Select

    Sub search()
        ' the search code goes here
    End Sub
    %>

Whether action is "search" or anything else, the search routine runs; the submitted value itself never reaches a SQL statement, so this too prevents SQL injection.

II. Password Security

One-way hashing is a required measure against brute-force password cracking. MD5 by itself is very weak; many md5.asp source implementations are available.
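Before continuing with password handling, here is the parameter check from section I worked through end to end. This is an added example, not code from the original article: it rewrites the cntid and username checks in Python and runs them against a small in-memory SQLite table (constructed for the demo) so the difference between splicing the raw parameter into SQL and validating it is visible. Function and table names are assumptions; it also goes one step past the article by binding the value as a query parameter and by using a digits-only test, since VBScript's IsNumeric() also accepts values like "1.5" and "1e3".

```python
"""Added example: section I's cntid/username checks, plus a parameterized query.
Not part of the original article; names and the sample table are constructed."""
import re
import sqlite3
from typing import List, Optional

# Characters the article's username filter rejects (single quotes are stripped first):
# = % space ? & ; , " tab > < $ # @
BAD_USERNAME_CHARS = set('=%?&;," \t><$#@')


def clean_cntid(raw: str) -> Optional[str]:
    """Article's cntid check: strip single quotes, then require a number.
    A digits-only match is used instead of IsNumeric(), which is looser."""
    value = raw.replace("'", "")
    if not re.fullmatch(r"\d+", value):
        return None          # the article calls Error and ends the response here
    return value


def clean_username(raw: str) -> Optional[str]:
    """Article's username check: strip single quotes, reject listed characters."""
    value = raw.replace("'", "")
    if any(ch in BAD_USERNAME_CHARS for ch in value):
        return None
    return value


def demo_db() -> sqlite3.Connection:
    """Constructed sample data: one public post and one hidden draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (cntid INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)",
                     [(1, "public post", 0), (2, "draft post", 1)])
    return conn


def lookup_concatenated(conn: sqlite3.Connection, cntid: str) -> List[str]:
    """The pattern the article warns about: the raw parameter is spliced into SQL."""
    sql = "SELECT title FROM posts WHERE hidden = 0 AND cntid = " + cntid
    return [row[0] for row in conn.execute(sql)]


def lookup_checked(conn: sqlite3.Connection, cntid_raw: str) -> List[str]:
    """Validate first (the article's fix), then bind the value as a parameter."""
    cntid = clean_cntid(cntid_raw)
    if cntid is None:
        return []
    return [row[0] for row in conn.execute(
        "SELECT title FROM posts WHERE hidden = 0 AND cntid = ?", (int(cntid),))]


if __name__ == "__main__":
    db = demo_db()
    for raw in ("1", "1 OR 1=1", "1e3"):
        print(repr(raw), "concatenated:", lookup_concatenated(db, raw) if clean_cntid(raw) is None else "n/a",
              "| checked:", lookup_checked(db, raw))
```

With the input `1 OR 1=1` the concatenated query returns the hidden draft as well (the `' or '=' kind` of intrusion the article mentions), while the checked path rejects the value before any SQL is built.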
The MD5 function is introduced with an include:

    <!-- #include file="md5.asp" -->
    <%
    Dim Username
    ' Two MD5 passes over the quote-stripped input
    Username = MD5(MD5(Replace(Request("username"), "'", "")))
    %>

Here MD5 is applied twice. Two or three passes are generally enough to make brute-force cracking harder :)

Cookie spoofing is very serious, so the background administrator pages must perform session verification. Implementation: after a successful login, write

    Session("btadmin") = rsadmin("admin")

Then create a verification file cookies.asp with the following content:

    <%
    If Session("btadmin") = "" Then
        Response.Redirect "admin.asp"
    End If
    %>

and add

    <!-- #include file="cookies.asp" -->

to each protected page. In this way illegal logins are prevented :)

We often see a verification code used to prevent brute-force cracking. Implementation: assume the login page is login.asp and add

    <%
    Dim P
    Randomize ' initialize the random number generator
    P = Int(8999 * Rnd) + 1000 ' four-digit code, 1000..9999
    Session("cntcode") = P
    %>

Insert the verification code row into the login form table:

    <tr>
    <td valign=middle>Enter the verification code</td>
    <td valign=middle><input name=yanzhen type=text> Enter <%=Session("cntcode")%></td>
    </tr>

Final verification:

    <%
    If Request("yanzhen") = "" Or Trim(Session("cntcode")) <> Trim(Replace(Request("yanzhen"), "'", "")) Then
        Response.Write "Enter your verification code correctly."
        Response.End
    Else
        ' login processing continues here
    End If
    %>

The running effect is shown in figure 2.

III. Database Security

There are more and more ways to expose a database (figure 3). According to an earlier article in XFile, replacing / with %5c works on many websites: the error message shows the database address clearly. How can this be prevented?

... (For code, see the magazine) ...

This is the database connection file, usually conn.asp. The key line is On Error Resume Next. Its running effect: the database is not exposed; only the image display is abnormal :)

In fact, we recommend Windows 2003 as the server. When / is replaced with %5c, a request such as

    http://127.0.0.1/fourm.asp?cntid=4

is automatically changed to

    http://127.0.0.1%5cfourm.asp/?cntid=4

and the server cannot be found. That is stronger still :)

Another way is to prevent the other party from downloading the database. The method: create a table notdown with a field nodown of data type OLE Object, and save the database as MDB.MDB. Then write nodown.asp:

... (For code, see the magazine) ...

Upload it to your space together with the database, or run nodown.asp under a local IIS; a message reports that the record was added successfully. Now rename the database to MDB.asp. Entering the database address in the browser gives:

    Active Server Pages error 'ASP 0116'
    Missing close of script delimiter
    /BBS/cntlovebbs.asp, line 44042
    The script block lacks the close of script tag (%>).

A download manager gets an HTTP 500 error. So the database is now secure :)

Now for a new idea; there is no technical difficulty, and I will write it in VB :)

IV. Secure Background Login

... (For code, see the magazine) ...

OK :) The program is simple but surprising, and its function is not small. Your website can be much safer than before.
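The login pieces from section II (the two MD5 passes, the session flag that cookies.asp checks, and the four-digit verification code) are collected below as one working flow. This is an added example, not code from the original article: a plain dict stands in for the ASP Session object, all function names are assumptions, the two MD5 passes are applied to the password (the article's stated purpose is resisting brute-force password cracking; its snippet applies them to the username field), the code is drawn from the OS random source rather than VBScript's Rnd, and two things the article's check lacks are added: a constant-time comparison and one-time use of each code, so a code cannot be replayed after a failed attempt.

```python
"""Added example: section II's login flow in Python. Not part of the original
article; the session dict, user table and function names are constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def double_md5(value: str) -> str:
    """MD5(MD5(x)) as the article does it: the hex digest is hashed again.
    Note: MD5, even twice, is a fast hash; a salted password hash is the modern
    choice, but the article's scheme is reproduced here as written."""
    first = hashlib.md5(value.encode("utf-8")).hexdigest()
    return hashlib.md5(first.encode("utf-8")).hexdigest()


def issue_code(session: Dict[str, object]) -> int:
    """Four-digit code 1000..9999 like Int(8999*Rnd)+1000, from a CSPRNG."""
    code = secrets.randbelow(9000) + 1000
    session["cntcode"] = code
    return code


def check_code(session: Dict[str, object], submitted: str) -> bool:
    """Same test as login.asp (empty or mismatching input fails), with
    constant-time comparison and one-time use of the stored code."""
    expected = session.pop("cntcode", None)      # a code is only good once
    submitted = submitted.replace("'", "").strip()  # Trim(Replace(..., "'", ""))
    if expected is None or submitted == "":
        return False
    return hmac.compare_digest(str(expected), submitted)


def require_admin(session: Dict[str, object]) -> Optional[str]:
    """cookies.asp: return the redirect target when the admin flag is missing."""
    if not session.get("btadmin"):
        return "admin.asp"
    return None


def login(session: Dict[str, object], users: Dict[str, str],
          username: str, password: str, code: str) -> bool:
    """Full flow: verification code first, then credentials against the stored
    double-MD5 value; on success set the flag that cookies.asp checks."""
    if not check_code(session, code):
        return False
    stored = users.get(username)
    if stored is None or not hmac.compare_digest(stored, double_md5(password)):
        return False
    session["btadmin"] = username   # the article stores rsadmin("admin") here
    return True


if __name__ == "__main__":
    sess: Dict[str, object] = {}
    table = {"admin": double_md5("hunter2")}      # constructed sample account
    shown = issue_code(sess)
    print("login ok:", login(sess, table, "admin", "hunter2", str(shown)))
    print("redirect:", require_admin(sess))
```

Because `check_code` removes the code from the session before comparing, a second submission with the same code fails; the login page must issue a fresh code for every attempt, which is also what displaying it on each page load does.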