Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62200612584
HistoryOct 30, 2006 - 12:00 a.m.

Database download vulnerability attack techniques-vulnerability warning-the black bar safety net

2006-10-3000:00:00
佚名
www.myhack58.com
9
JSON

As scripting vulnerability the number one killer-and database download vulnerabilities, now has been more and more people to the art. In this information technology update Fast of the era, the vulnerability produced after the attendant is to respond to the tricks, such as change the database suffix, modify the database name, and so on. A lot of people think that as long as doing so can solve the problem, but the fact is often not as good as you wish, even if you do also difficult to escape is to master the attacks of fate. To this end we need to be aware of some of the attack techniques, to enhance their safety skills.

1. The Force download name suffix ASP, ASA database file

Most of the network in order to save time, on the website of the article system, Forum, etc. the program is directly downloaded someone’s source program and then through part of the modified use. And now a lot of people do the ASP source code has the database suffix from the original MDB to ASP or ASA. Originally it was a good thing, but in this information of extreme expansion of society, the old method can maintain the Ben Xun leisure coat Xing 蕖 6 heteroaryl win SP or ASA suffix of the database file, the hacker as long as you know their storage location, you can easily with the thunder such download software download get. Figure 1, that the author use Thunder download to the database file, note the database suffix is ASP on.

!

Figure 1

2. the Deadly symbols-the #

Many network thought in the database are preceded by a#number you can prevent the database to be downloaded. Yeah, I was also think that IE is unable to download with the#number of the file(IE will automatically ignore the#number behind the content). But“into also Xiao he, defeated also Xiao he”, we forget the Web can not only by the ordinary method, but using IE’s encoding technology can access to.

In IE, each character corresponds to a coding, the coding identifier%2 3 You can replace the#symbol. For such a simply modified the suffix and add the#number of database files we can download. Such as the#data. mdb for us to download the file, as long as we in the browser input%23data. the mdb can use IE to download the database file, as a result, the#means of Defense is useless in General(Figure 2)。

!

Figure 2

3. the Crack Access encrypted database easy as pie

Some network like the Access database is encrypted, that way even if a hacker got to the database also requires a password to open. But the fact is just the opposite, due to the Access of the encryption algorithm is too weak, so the hacker just just to Online to find a crack Access database password software, No a few seconds to get the password. Such a software there are many online, such as Accesskey is.

4. Instant kill-the data storm database technology

Itself database storm Gallery art should belong to the Scripting vulnerability in the ranks, the reason here is because it is in the database download vulnerability plays an important role, if carefully point, the reader will find the above tips are assumed to know the database name can be implemented. But very often we simply can not know the database name, in this case we may feel very frustrated, feel unable to proceed, but the database storm library the advent of technology can not only sweep away our frustration, but also make us really will be in front of technology for integrated utilization.

Many people use ASP to write data to the connection file will always be written so(conn. asp): a


db=“data/rds_dbd32rfd213fg. mdb”
Set conn = Server. CreateObject(“ADODB. Connection”)
connstr=“Provider=Microsoft. Jet. OLEDB. 4. 0;Data Source=” & Server. MapPath(db)
conn. Open connstr
function CloseDatabase
Conn. close
Set conn = Nothing

This statement looks feel and no problem, but the database name to obtain very strange, if there is no database storm Gallery art we can guess such a database name, the chance is almost zero. But it’s that brief statement is hidden infinite information. Can say online most of the procedures are the presence of this vulnerability. As long as we will be on the address bar in the data connection file conn. asp(usually for this)before the/with%5c alternative can storm to the location of the database, the next thing should not need me to say? Everyone as long as the brains nothing is done.

JSON