Directory of website intrusion and script attack and defense practices

Chapter 1 Overview of Website Script Intrusion and Prevention

1.1 Web script intrusion attacks are very harmful and difficult to prevent.

1.1.1 Web script attack overview and characteristics

1.1.2 How did the intruder get in?

1.2 root of script vulnerability

1.2.1 It is difficult to balance function and safety.

1.2.2 Lack of safety awareness

Chapter 2 SQL injection, piercing the core of the website

2.1 The target of SQL injection is the database.

2.1.1 The database is everything to the website.

2.1.2 understand some terms used in SQL.

2.1.3 Several database management systems frequently encountered in SQL injection attacks.

2.1.4 Know several SQL injection query instructions in advance.

2.2 How is deception carried out?

2.2.1 An unnamed workstation and a typical SQL statement

2.2.2 Establish a database platform for SQL injection detection.

2.2.3 Establish a SQL injection vulnerability site.

2.2.4 the first SQL injection attack test

2.3 prelude to SQL injection attack

2.3.1 The website platform determines the attack mode.

2.3.2 Preparation before attack

2.3.3 Find the attack entrance.

2.3.4 Distinguish the types of SQL injection points

2.3.5 judging the target database type

2.4 'or'='or' bypasses the unsafe login box.

2.4.1 'or'='or' attack: demonstration of breaking through login verification

2.4.2 unfiltered request.form leads to injection.

2.5 injection into the Access database depends entirely on guessing.

2.5.1 informative selective query

2.5.2 guess Access table and field names with Select.

2.5.3 ASCII word-for-word decoding method to guess the field value.

2.5.4 Capture a website in three minutes.

2.5.5 How is the website controlled?

2.6 advanced query that brings disaster to MS SQL

2.6.1 Establish the MS SQL database for attack demonstration.

2.6.2 interesting MS SQL error message

2.6.3 Group By and Having of SQL advanced query

2.6.4 Give examples of MS SQL table names and field names.

2.6.5 Data records are also incorrectly "reported".

2.6.6 Continue the previous "invasion"

2.6.7 Reports are ideographic names and field names.

2.7 Extended stored procedures directly attack the server

2.7.1 Stored Procedure Rapidly Attacks Database

2.7.2 inject NBSI into the control server.

2.8 construct PHP injection attack

2.8.1 manual PHP injection

2.8.2 reading PHP configuration file

2.8.3 CASI automatic PHP injection

Chapter 3 In-depth discussion of the attack and prevention of SQL injection

3.1 ruyi filtering, omitting the injection of single quotation marks and spaces.

3.1.1 transcoding, bypassing program filtering.

3.1.2 Injection attack replacing spaces with /* */

3.2 Update Injection and Differential Backup

3.2.1 Form submission and update

3.2.2 Obtaining Webshell by Differential Backup

3.3 Character conversion and single quote breakthrough

3.3.1 Filtering of \0 and single quotation marks

3.3.2 char bypasses the single quotation marks again.

3.4 Data Submission and Implicit Injection

3.4.1 Modify GroupID to quickly upgrade permissions.

3.4.2 Filtering Breakthrough in Implicit Injection

3.5 stuck SQL injection barrier

Chapter 4 Hidden Crisis: Database Intrusion

4.1 "exposed" vulnerability: common database vulnerability

4.2 Understand some database connection knowledge.

4.2.1 ASP and ADO object module

4.2.2 ADO object accessing database

4.2.3 The Core of Attack and Security: Example of Access Database Connection Code

4.3 Lack of security awareness: default database download vulnerability

4.3.1 Simulate a forum building process.

4.3.2 The intruder exploited this loophole.

4.3.3 Process of Explorers Finding Vulnerabilities

4.4 database download, the consequences are very serious.

4.5 blacklist, don't be on the list

4.5.1 See if you are on the list.

4.5.2 Don't be lazy, and start to solve potential safety hazards.

4.6 weird Google, low-level mistakes

4.6.1 Very strange search experiment

4.6.2 It can be downloaded.

4.6.3 Analysis of Google Epidemic Database

4.6.4 The previous Include solved the problem.

4.7 Why is the attacker staring at you?

4.7.1 Vulnerable site mining "chicken"

4.7.2 Website database, if you don't hide it, just grab it.

4.7.3 The robot guards the door to prevent searching data from the database.

4.8 Hide the database, and you will know when it is exposed.

4.8.1 Example of ASP accessing Access database

4.8.2 Game 1: The Magic of Code Conversion

4.8.3 The secret of magic

4.8.4 Scene 2: Strange conn.asp

4.8.5 Entanglement between Absolute Path and Relative Path

4.8.6 "Recover from the next error"-fill a loophole that is not a loophole.

4.9 Analysis of Several Outbreak Programs

4.9.1 Explosion Vulnerability Test of Shopping System in Dynamic Mall

4.9.2 Burst test of BBSXP, an ASP database that cannot be downloaded.

4.9.3 Database marked with #: OBLOG blog system outbreak database

4.9.4 conn.asp looks for violent libraries.

4.10 "blank" and inserting horses: the enlightenment of the invasion of GBook365.

4.10.1 conn.inc: convenient for designers and cheap for the attacker

4.10.2 Consequences of changing suffixes in disorder

4.10.3 The back door is the database.

4.10.4 Strictly filter plugging loopholes.

4.11 Enlightenment from Trojan horse attack

4.11.1 "one sentence" and the database are not well filtered.

4.11.2 Trojan client and server

4.11.3 Example 1: The disappearance of private server sites.

4.11.4 Example 2: Invade EASYNEWS in one sentence.

4.11.5 Example 3: "Community Supermarket" invades the dynamic network forum.

4.11.6 Example 4: Detection of Unknown Websites

4.11.7 There is danger if you invest-in a word, Trojan horse defense.

Chapter 5 Programmers' negligence and excessive trust in uploading.

5.1 Redundant mapping and upload attack

5.1.1 Attack from asp.dll map.

5.1.2 Don't forget the mapping between stm and shtm.

5.2 Spaces, dots and loopholes caused by Windows naming mechanism

5.2.1 Add a dot, another loophole of 9Cool.

5.2.2 Windows naming mechanism and program vulnerabilities

5.2.3 Game of changing file name

5.3 the strange circle of logical variables, the second cycle produces upload loopholes.

5.3.1 attacker's "power": MyPower upload attack test

5.3.2 Analysis of local submission and upload process

5.3.3 Logical errors caused by secondary uploading

5.3.4 Classic upload and reproduction, vulnerability analysis of "Zhu Qin Music Network"

5.3.5 Make up the "Taoyuan Multifunctional Message Board" with loopholes.

5.4 Windows special characters, truncated program filtering

5.4.1 Script Intrusion Detector WSockExpert and Upload Attack

5.4.2 Breaker 00 and File Path Filtering Vulnerabilities

5.4.3 00 and file name filtering vulnerability

5.5 Deception Detection of File Path and File Name Variables

5.5.1 Guilin Veteran uploads the exploit program.

5.5.2 Detection of Uploading Vulnerabilities on Tianyi Business Network

5.5.3 Detect the upload vulnerability of Longfei article system.

5.5.4 Detection of BlogX upload vulnerability

5.5.5 Detect the uploading vulnerability of Datang Beautification Edition of Dynamic Network.

5.5.6 Detecting the upload vulnerability of dusty news system

5.5.7 Detection of uploading vulnerabilities in Joekoe Forum

5.5.8 Defeat Qingchuang Article Management System

5.6 %00 and upload vulnerability of PHP program.

5.6.1 neapic photo album system

5.6.2 The filtering of file types is not strict, and there are loopholes in uploading phpcms files.

5.7 Third-party Plug-ins with Hidden Vulnerabilities

5.7.1 FCKeditor caused the website to crash.

5.7.2 Ubiquitous FCKeditor upload vulnerability

5.7.3 combination of eWebEditor password and upload vulnerability

5.8 Accidental upload

5.8.1 Unauthorized upload: Zhu Qin music program upload vulnerability.

5.8.2 cceer: an uncontrolled role filtering game

5.8.3 Upload vulnerabilities cannot be hidden.

Chapter 6 Leaking and Deception of Entry Cards: Cookie Attack

6.1 examples of chaotic codes and deception

6.1.1 Security risks in cookie information

6.1.2 entering the background is as simple as that.

6.1.3 Not an administrator can delete posts.

6.2 Further modification and deception of cookie information

6.2.1 Relationship between database and Cookie information

6.2.2 Chain reaction between cookie spoofing and upload attack

6.2.3 Deception invasion of modifying ID

6.2.4 Cheat two values of classid and UserID.

6.2.5 Simple User Name Deception

6.3 Diversity of cookie spoofing attacks

6.3.1 Skillful voting, Cookie cheating

6.3.2 Mobile phone short message bomb created by cookie deception

Chapter 7 Cross-site technology and framing attack of websites becoming accomplices

7.1 The attack originated from a piece of written code.

7.1.1 Vulnerable test web page

7.1.2 Typical examples of cross-site attacks on mobile networks

7.1.3 Stealing cookies: cross-site intrusion detection demonstration 1

7.1.4 private server website hangs: cross-site intrusion detection demonstration 2

7.2 A piece of information destroys a website.

7.2.1 MM _ Effective unfiltered form, cross-site detection in Ye Yi.

7.2.2 Cross-site Intrusion Detection of Times Shopping System

7.3 who is the king of enclosure-the evolution of cross-site technology from the attack in q area

7.3.1 unsafe client filtering

7.3.2 Code conversion, continue to cross the site.

7.3.3 Jump, jump out of cross-site.

7.3.4 Cross-site flash overflow

7.3.5 Links are not filtered, and music lists cross sites.

7.3.6 Whether there are any loopholes in QQ service when external calls cross sites.

7.4 Unsafe code in email, cross-site hanging horse in mailbox.

7.4.1 Looking at the Cross-site Harm of Mail from QQ Mailbox

7.4.2 List of Cross-site Vulnerabilities of Domestic Mainstream Mailboxes

7.5 "Event" deviation, cross-site detection of mainstream blog space.

7.5.1 Not required

7.5.2 Cross-site Evolution of Baidu Space

7.5.3 Onstart event triggered Netease blog cross-site.

7.6 "Search", where cross-site attacks are most prevalent.

7.6.1 Cross-site of domestic mainstream search engines

7.6.2 Special Cross-site Using Web Snapshots

7.7 ultimately prevent cross-site scripting attacks

Chapter 8 Building a Secure Website Server

8.1 Configure a secure Web server

8.1.1 Delete unnecessary IIS components.

8.1.2 IIS security configuration

8.2 database security protection

8.2.1 Anti-download processing of Access database

8.2.2 Configuration of SQL database

8.3 Prevention and Detection of Trojan Back Door in Web Page

8.3.1 Delete all kinds of script objects and prohibit ASP Trojans from running.

8.3.2 Trojan back door search tool

8.3.3 Set the website access rights.