输入网站漏洞检测归类和解决方案(Website vulnerability detection, classification and solution)

网站漏洞检测  时间:2021-04-27  阅读:()

网站漏洞检测归类和解决方案Website vulnerability detection,classification and solution

Everything is ready except one crucial element. Last night, thewest wind withered green trees, alone on the tall buildings,looking at the end of the road. I will mount a long wind someday and break the heavy waves, and set my cloudy sail straightand bridge the deep, deep sea。 The pen falls into the wind andrain, and the poem becomes the ghost. Who knows nothing? It' snever too late to mend. This article is contributed by s8h4a2n6DOC documents may experience poor browsing on the WAP side. Itis recommended that you first select TXT, or download the sourcefile to the local view.

A,

Typical website vulnerability classification

According to the risk level, the website vulnerability can bedivided into three kinds of high risk, medium risk and low risk.Among them, high-risk vulnerabilities must be blocked. Some ofthe loopholes in the medium and low risk vulnerabilities mustbe blocked. There are also some medium and low riskvulnerabilities, which may be selectively blocked because thecost of plugging may be higher than the losses caused by nonblocking. Tools can be used to search the platform forvulnerability scanning, the specific address is:http://www. iiscan.com typical website vulnerabilityclassification and corresponding sealing requirements as shownin the table below:

Risk level

1, the highriskof SQL injection2, cross site vulnerabilitiesMedium and low risk 1, default test case file 2, managementbackground landing portal

Medium and low risk 1, email address exists

Vulnerability name

3, XPATH injection leak 3, application error caused by 2,invalid link hole information leakage 4, backup files causedby source code leakage 3, Web application default directorySealing requirement

Must plug

Selective plugging

One

Two,

Typical website vulnerability impact and Solutions

1, SQL injection vulnerability impact: this vulnerabilitybelongs to the common vulnerabilities in Web applicationsecurity, belonging to OWASP TOP 10 (2007) in the injection

class vulnerabilities. SQL injection vulnerabilities arepresent in many WEB applications. SQL injection is an attackerwhouses code flaws to attack, and canbe used in any applicationparameter that can affect database queries. For example, theparameters of the URL itself, post data, or cookie values. Anormal SQL injection attack depends largely on the attacker' saccess to information from the error message. However, even ifno error messages are displayed, the application may still beaffected by the SQL injection. In general, SQL injection is anattack on Web applications rather than on the web server or theoperating system itself. As its name suggests, SQL injectionis the act of adding unexpected SQL commands to a query tomanipulate the database in a way that database administratorsor developers do not anticipate. If successful, you can obtain,modify, inject, or delete data from the database server thatis used by the vulnerability web application. In some cases,the SQL can be injected into the fully controlled system.Solution: protection recommendations include the deployment oflayered security measures (including in accept user input whenusing parameterized queries) , to ensure that applications useonly the expected data, strengthening the database server toprevent access data inappropriate. The following measures arerecommended to prevent SQL injection vulnerabilities:Two

Use the following suggestions for development. Written from theweb application of SQL injectionattack effect. Aparameterizedquery: SQL injection from the attacker control data to modifythe query query logic, so the best way to prevent SQL injection

attacks is to query the logic and data separation, which canprevent the execution of the injection from the user inputcommands. Defects in this way are likely to have an impact onperformance (but with little impact) , and each query on the sitemust be constructed in this way to be fully valid. Justbypassing a query inadvertently is enough to cause theapplication to be affected bySQL injection. The following codeshows an example of a SQL statement that can do SQL injection.SSql = "SELECT, Locat i onName, FROM, Locat i ons"";ssql=ssql+ “LocationID=” +要求[” ]  ocmd. commandtext=ssqlLocationID” 

下面的例子使用了参数化的查询不受SQL注入攻击的影响。ssql = “SELECT * FROM位置”  ssql = ssql + “Locat ionID = @LocationID”  ocmd. commandtext =ssql ocmd。参数。添加 “@LocationID” 要求“LocationID [” ] 

应用程序没有包含用户输入向服务器发送SQL语句而是使用@LocationID-参数替代该输入这样用户输入就无法成为SQL执行的命令。

这种方式可以有效的拒绝攻击者所注入的任何输入尽管仍会生成错误但仅为数据类型转换错误而不是黑客可以利用的错误。以下代码示例显示从HTTP查询字符串中获得产品ID并使用到SQL查询中。请注意传送给SqlCommand的包含有选择的字符串仅仅是个静

态字符串不是从输入中截取的。此外还请注意使用Sql Parame ter对象传送输入参数的方式该对象的名称@ PID匹配SQL查询中所使用的名称。

C #示例

一串connstring

=webconf igurationmanager。 connectionStrings [ “myconn” ] 。connectionstr ING使用SqlConnection conn=新的SqlConnectionconnstring {康涅狄格州open()  SqlCommand CMD =新SqlCommand  “select count *从产品prodid= “PID”  CONNSqlParameter prm =新的SqlParameter  “PID” 

SqlDbType.VarChar 50 PRM。值=请求。 QueryString [ “PID” ] CMD参数。添加PRM int reccount=int命令。executescalar()  }

四vb.net示例

昏暗的connstring

作为

字符串

=webconf igurationmanager。 ConnectionStrings  “ConnectionString myconn” 。

使用新的SqlConnection conn connstring康涅狄格州open()暗淡CMD为SqlCommand=新SqlCommand  “sel ect count *从产品prodid = “PID”  CONN昏暗的PRM为SqlParameter =新的SqlParameter  “PID” 

SqlDbType.VarChar 50 PRM。值=请求。 QueryString  “PID” 命令参数。添加PRM昏暗的reccount整数=CMD executescalar()端使用。

验证输入可通过正确验证用户输入的类型和格式防范大多数SQL注入攻击最佳方式是通过白名单定义方法为对于相关的字段只接受特定的帐号号码或帐号类型或对于其他仅接受英文字母表的整数或字母。很多开发人员都试图使用黑名单字符或转义的方式验证输入。总体上讲这种方式通过在恶意数据前添加转义字符来拒绝已知的恶意数据如单引号这样之后的项就可以用作文字值。

这种方式没有白名单有效 因为不可能事先知道所有形式的恶意数据。

对于安全操作============

使用以下建议帮助防范对Web应用的SQL注入攻击。

限制应用程序权限限制用户凭据仅使用应用运行所必需权限的任何成功的SQL注入攻击都会运行在用户凭据的环境中

Although restricting permissions can not completely preventSQL injection attacks, it can greatly increase the difficulty.Strong system administrator password policy: usually theattacker needs to function to the administrator account usingspecific SQL command, if the system administrator password isthen easier to violent speculation, increasing the likelihoodof success of SQL injection attacks. Another option is not touse the system administrator password at all, but to create aspecific account for a specific purpose.

Consistent error message program: make sure you provide aslittle information as possible when a database error occurs.Do not leak the entire error message and process error messageson both the web and the application server. When a web serverencounters a processing error, a generic web page responseshouldbeused, or theuser redirectedto the standard location.Never release debug information or other details that might beuseful to attackers.

For instructions onhow to close verbose errormessages in IIS,see:

Six

Http://www.microsoft.com/windows2000/en/server/i is/default.asp? Url= /windows2000/en/server/i is/htm/core/iierrcst.htm?

Use the syntax below to suppress error messages on the Apacheserver:

Syntax: , ErrorDocument, <3-digi t-code>, Examp le: ,

ErrorDocument, 500, /webserver_errors/server_error500. txtApplication servers like WebSphere usually default byinstalling error messages or debugging settings. Forinformation about how to suppress these error messages, referto the application server document.

Stored procedures: if not used, delete the SQL storedprocedures such as master. .Xp_cmdshell, xp_startmail,xp_sendmail, sp_makewebtask, and so on.

The SQL injection vulnerability fundamentally depends on thecode for the web application. Although not a fix, you can detectSQL injection attacks by adding rules that incorporate regularexpressions to IDS as an emergency measure. Although it isimpossible to fix all possible SQL injection vulnerabilities,it is easy to implement and requires attackers to improve theirmethods in order to achieve successful attacks. Regularexpressions can be used as follows.

Delete the SQL regular expression metacharacters: / (\%27) |(' ) | (\-\-) | (\%23) | (#) /ix

Seven

Following the regular expression canbe added to the Snort alertTCP$EXTERNAL_NET ru l es: any-> $HTTP_SERVERS$HTTP_PORTS (msg:

"SQL Injection-

Paranoid; flow:to_server, established; uricontent: .Pl ; pcre:/ (\%27) | (' ) | (\-\ -) | (%23) | (#) ;classtype:Web-application-attack; sid:9099; /i rev:5) ;The regular expression of traditional SQL injection attacks:/\w* ((\%27) | (' ) ( |o| ) (\%6F) (\%4F) ( |r| ) (\%72) (\%52)) /ixThe regular expression to delete the UNION keyword SQLinjection attack: / ((\%27) | (' )) union/ix (\%27) | (' )Similar regular expressions can be written for other SQLqueries such as select, insert, update, delete, drop, and soon.

Regular expressions for SQL injection attacks are detected onthe MS SQL server: /exec (\s|\+) + (s|x) p\w+/ix

For quality assurance ============

E i gh t

Addressing SQL injection defects ultimately requires codebased fixes, providing information necessary to fix thesevulnerabilities for development and for the steps described inthe security operations section. The following steps outlinehow to manually test SQL injection for an application.How do you manually test SQL injection into an application?:

EdgeNat 新年开通优惠 - 韩国独立服务器原生IP地址CN2线路七折优惠

EdgeNat 商家在之前也有分享过几次活动,主要提供香港和韩国的VPS主机,分别在沙田和首尔LG机房,服务器均为自营硬件,电信CN2线路,移动联通BGP直连,其中VPS主机基于KVM架构,宿主机采用四路E5处理器、raid10+BBU固态硬盘!最高可以提供500Gbps DDoS防御。这次开年活动中有提供七折优惠的韩国独立服务器,原生IP地址CN2线路。第一、优惠券活动EdgeNat优惠码(限月...

星梦云:四川100G高防4H4G10M月付仅60元

星梦云怎么样?星梦云资质齐全,IDC/ISP均有,从星梦云这边租的服务器均可以备案,属于一手资源,高防机柜、大带宽、高防IP业务,一手整C IP段,四川电信,星梦云专注四川高防服务器,成都服务器,雅安服务器。星梦云目前夏日云服务器促销,四川100G高防4H4G10M月付仅60元;西南高防月付特价活动,续费同价,买到就是赚到!点击进入:星梦云官方网站地址1、成都电信年中活动机(成都电信优化线路,封锁...

日本CN2、香港CTG(150元/月) E5 2650 16G内存 20M CN2带宽 1T硬盘

提速啦简单介绍下提速啦 是成立于2012年的IDC老兵 长期以来是很多入门级IDC用户的必选商家 便宜 稳定 廉价 是你创业分销的不二之选,目前市场上很多的商家都是从提速啦拿货然后去分销的。提速啦最新物理机活动 爆炸便宜的香港CN2物理服务器 和 日本CN2物理服务器香港CTG E5 2650 16G内存 20M CN2带宽 1T硬盘 150元/月日本CN2 E5 2650 16G内存 20M C...

网站漏洞检测为你推荐
Telewizjamedia支持ipad支持ipad支持ipad地址1632.3ios5win7还原系统win7怎么初始化系统?系统还原?fastreport2.5GPA2.5相当于什么水平morphvoxpro怎么用怎么使用morphvox proios7好用吗苹果ios7怎么样
上海域名注册 vps侦探 域名主机管理系统 国外主机 香港vps99idc 美元争夺战 国外服务器网站 私人服务器 mediafire下载 网站监控 ubuntu更新源 网页背景图片 hostker 免费个人空间 200g硬盘 cdn联盟 shopex主机 域名dns 镇江高防 云服务是什么意思 更多