Nothing is perfect, so vulnerabilities are inevitable. Once a vulnerability appears, countermeasures follow, such as changing the file extension of the database or changing its name. Many people think that doing this alone solves the problem, but the reality is often not what you and I would like. Even with these changes in place, the site will not escape a skilled attacker.
As the number one killer among script vulnerabilities, the database download vulnerability is now known to more and more people. In this era of rapid change in information technology, countermeasures follow every new vulnerability, such as changing the file extension of the database or changing its name. Many people think that doing this alone solves the problem, but the reality is often not what you and I would like. Even with these changes in place, the site will not escape a skilled attacker. For this reason, we need to understand some attack techniques in order to strengthen our own security skills.
1. Forced download of database files renamed with an ASP or ASA extension
To save time, most network administrators download other people's source code for article systems, forums and similar programs and run it on their own websites after a few modifications. Many of these ASP source packages now ship with the database extension changed from the original MDB to ASP or ASA. This was a good idea at first, but with so much information in circulation, an old trick only works for a limited time. A database file with an ASP or ASA extension can still be downloaded easily with download software such as Thunder, as long as the attacker knows where it is stored. Figure 1 shows a database file the author downloaded using Thunder (note that the extension of the database is ASP).
2. The fatal symbol: #
Many network administrators think that putting a # sign in front of the database name prevents the database from being downloaded. Yes, I also thought that IE could not download files with a # sign in the name (IE automatically ignores everything after the # sign). But the thing that makes this work is also what defeats it: we forget that a web page can be requested not only in the ordinary way but also through URL encoding in IE.
In IE, each character corresponds to a code, and the encoded form %23 can stand in for the # sign. This means a database file that has only had its extension changed and a # sign added can still be downloaded. For example, if #data.mdb is the file we want to download, we only need to enter %23data.mdb in the browser to download the database file with IE. The # defense is therefore useless.
3. Cracking an encrypted Access database is easy
Some network administrators like to encrypt the Access database, thinking that even if a hacker obtains the file, a password will be required to open it. The opposite is true. Because Access's encryption algorithm is so weak, a hacker only has to find one of the tools on the Internet that crack Access database passwords to recover the password in a few seconds. There are many such tools online, such as Accesskey.
4. Instant kill: the database-exposure technique
The database-exposure technique itself really belongs among script vulnerabilities. I mention it here because it plays a decisive role in database download vulnerabilities. If you look carefully, you will see that the techniques above can only be carried out if you already know the database name. Many times, however, we cannot know the name of the database. At that point we may feel frustrated and think we can go no further. The database-exposure technique not only removes that frustration, it also lets us actually combine and use the previous techniques.
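When many people write their ASP data connection file (conn.asp), they write it like this:

```asp
' …
' Relative path to the Access database, resolved under the web root
db = "data/rds_dbd32rfd213fg.mdb"
Set conn = Server.CreateObject("ADODB.Connection")
' Server.MapPath turns the relative path into a physical path at request time
connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
conn.Open connstr

Function CloseDatabase
    conn.Close
    Set conn = Nothing
End Function
' …
```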
This code looks harmless, and the database name is very unusual. Without the database-exposure technique, the chance of guessing such a name is almost zero. But these few lines give away a great deal, and it is fair to say that most programs on the Internet have this vulnerability. We only need to replace the / in front of the data connection file (usually conn.asp) with %5c in the address bar to get the location of the database. I don't need to spell out what comes next, do I? With a little thought, nothing is out of reach.
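Techniques 1, 2 and 4 all end with fetching a database file that sits inside the web root, so a useful defender-side check is to find such files by content rather than by name. The following is an added example, not code from the original article: it recognises Access files by the format name stored at byte offset 4 of the header, so an .asp/.asa extension or a # in the name does not hide them. All function names and the sample tree are constructed for illustration.

```python
import os

# Jet (.mdb) and ACE (.accdb) files carry a format name at byte offset 4.
SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")

def is_access_database(path):
    """True if the file header identifies an Access database, whatever its name."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(32)
    except OSError:
        return False
    return header[4:19] in SIGNATURES

def name_tricks(filename):
    """Name-based 'protections' from the article that this file relies on."""
    tricks = []
    if filename.lower().endswith((".asp", ".asa")):
        tricks.append("script extension")
    if "#" in filename:
        tricks.append("# in name")
    return tricks

def audit_web_root(web_root):
    """Return (relative path, tricks) for every Access database under web_root."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(folder, name)
            if is_access_database(full):
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                findings.append((rel, name_tricks(name)))
    return sorted(findings)

def make_constructed_sample(root):
    """Constructed sample tree: two fake database headers and one plain script."""
    header = b"\x00\x01\x00\x00Standard Jet DB" + b"\x00" * 13
    os.makedirs(os.path.join(root, "data"))
    for rel, body in (("data/#data.asp", header), ("data/rds.mdb", header),
                      ("conn.asp", b"<% ' script %>")):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        make_constructed_sample(root)
        for rel, tricks in audit_web_root(root):
            print(f"database inside web root: {rel} ({', '.join(tricks) or 'plain name'})")
```

Any path this reports is a database that a web request can reach; pointing `audit_web_root` at the real site directory gives the list of files to move out of the served tree.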