In previous articles we analyzed and described common Web security vulnerabilities and how to prevent them, and saw that such vulnerabilities have a huge effect on a website's secure operation and on protecting sensitive corporate information from leakage. Effectively defending against Web application vulnerabilities and preventing the disclosure of sensitive information is therefore key to operating a site. A Web application security vulnerability scanner can help to some extent in finding possible vulnerabilities, but because Web application environments are complex, many vulnerabilities cannot be found by tools. Source code analysis, by contrast, examines the application's workflow and implementation and actively discovers security risks that may exist in how each function is implemented. Below we use source code analysis to examine the security vulnerabilities of a Web application developed in ASP, and describe feasible and effective prevention methods with reference to the actual vulnerabilities.
Having understood how common Web vulnerabilities are attacked, we know that attacks on a Web application are really attacks on its variables and on the functions that implement it. A Web application works by obtaining user input, processing it, and returning the corresponding result. Obtaining user input is the process of acquiring variables, and processing is the application of program functions to those variables. Finding vulnerabilities in a Web application is therefore a matter of finding dangerous variables and dangerous functions. One approach starts from a dangerous variable and looks for the functions that use it: if a function does not handle the variable strictly enough, a vulnerability may exist. Alternatively, we can start from a dangerous function and trace back to the variables it operates on: if the function handles its variables incorrectly and the variable is user-controllable where it is acquired, that can likewise lead to a vulnerability. For ease of analysis and description, we found a Web application written in ASP online and use it as a worked example to describe the vulnerabilities.
In a Web application written in ASP, variables are obtained mainly through the Request object; common forms include Request.QueryString, Request.Form and Request.ServerVariables. To find where an ASP program obtains its variables, we therefore mainly look for occurrences of the Request object. To make searching for the Request keyword easier, we can use an editor such as Editplus or Dreamweaver to batch-search the ASP files in the Web application's directory and determine where variables are obtained. Figure 1 shows Editplus searching all ASP files in the application's source directory for occurrences of the Request keyword.
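The search for Request reads and the variable-to-function tracing described above can be scripted for a code review. The following is an added example, not code from the article or the audited application: it goes one step beyond the keyword search by flagging Request values that are concatenated into a SQL string. The sample page is constructed, the `audit` helper is hypothetical, and treating `CLng`/`CInt`/`CDbl` as filtering is an assumption of this sketch.

```python
import re

# Constructed sample page (not the audited application's code): one raw
# Request value and one converted with CLng before use.
SAMPLE_ASP = '''<%
id = Request.QueryString("id")
page = CLng(Request("page"))
sql = "select * from custom where id=" & id
rs.Open sql, conn, 1, 1
sql2 = "select * from news where page=" & page
%>'''

# VBScript is case-insensitive, so every pattern ignores case.
REQUEST = re.compile(r"\bRequest\b(?:\s*\.\s*(QueryString|Form|ServerVariables))?", re.I)
ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.+)$")
NUMERIC_CAST = re.compile(r"^(CLng|CInt|CDbl)\s*\(", re.I)
SQL_LITERAL = re.compile(r'"[^"]*\b(select|insert|update|delete)\b[^"]*"', re.I)


def audit(source):
    """Return (sources, findings) for the text of one ASP file.

    sources:  (line_no, collection) for every Request read.
    findings: (line_no, variable) where an unconverted Request value is
              concatenated onto a string literal containing SQL.
    """
    sources, findings, tainted = [], [], set()
    for no, line in enumerate(source.splitlines(), 1):
        hit = REQUEST.search(line)
        if hit:
            sources.append((no, hit.group(1) or "Request"))
            assign = ASSIGN.match(line)
            # Assumption: a numeric conversion counts as filtering.
            if assign and not NUMERIC_CAST.match(assign.group(2).strip()):
                tainted.add(assign.group(1).lower())
        if SQL_LITERAL.search(line):
            # Names joined to the literal with the & operator.
            for name in re.findall(r"&\s*(\w+)", line):
                if name.lower() in tainted:
                    findings.append((no, name))
    return sources, findings


if __name__ == "__main__":
    srcs, finds = audit(SAMPLE_ASP)
    for no, coll in srcs:
        print(f"line {no}: input read via {coll}")
    for no, var in finds:
        print(f"line {no}: '{var}' reaches a SQL string unfiltered")
```

The check is line-based and per-file, so it is a triage aid for manual review: values passed through includes, functions or multi-line statements still have to be traced by hand.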
Vulnerability analysis and prevention
Once we know where variables are obtained, we follow each variable from that location to the code that processes it; if the application does not handle the variable strictly, a vulnerability results. In analyzing this ASP program we found that, although the amount of code is small, it contains a variety of security vulnerabilities, including [SQL injection](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>) vulnerabilities, XSS (cross-site scripting) vulnerabilities, unauthorized access vulnerabilities, and rich text editor vulnerabilities.
During the analysis we found SQL injection vulnerabilities in more than one file, such as custom.asp and news_category.asp. The code in custom.asp is shown in Figure 2.
We found that after the program obtains the variable id via GET, it puts it directly into the SQL statement without any filtering, runs the query and displays the results; this is a typical SQL injection