We have many tricks to face vulnerabilities, such as changing the suffix of the database, modifying the name of the database, etc., but these methods cannot completely solve the problem. With the popularity of the Internet, more and more people are familiar with the number one killer weapon of the script vulnerability of database download vulnerability. So let's learn about the analysis of the ASP database download vulnerability.
1. Force download database files with suffixes named ASP and ASA
In order to save time, most network administrators directly download other people's source programs and then use them after partial modifications. Nowadays, many people have changed the database suffix from the original MDB to ASP or ASA. This was a good thing, but in this society where information is extremely inflated, the time that old methods can last is limited after all. For ASP or ASA suffix database files, as long as hackers know their storage location, they can easily download them with download software like Thunder. Figure 1 is the database file downloaded by the author using Thunder (note that the suffix of the database is ASP).
2. Fatal symbols——#
Many network administrators think that adding a # number in front of the database can prevent the database from being downloaded. Yes, I also thought that IE could not download files with # numbers (IE will automatically ignore the contents after # numbers). But "Success is Xiao He, failure is Xiao He". We forgot that web pages can not only be accessed through ordinary methods, but also can be accessed using IE encoding technology.
In IE, each character corresponds to an encoding, and the encoding character %23 can replace the # number. In this way, we can still download a database file that has only modified the suffix and added a # number. For example, #data.mdb is the file we want to download. We just need to enter %23data.mdb into the browser to download the database file using IE. In this way, the # defense method is useless.
3. Cracking Access encrypted database is easy
Some network administrators like to encrypt Access databases, thinking that even if the hacker gets the database, he will need a password to open it. But the fact is the opposite. Because Access's encryption algorithm is too fragile, hackers just need to find a software to crack Access database passwords online, and they can get the password in less than a few seconds. There are many such software online, such as Accesskey.
4. Instant killing—data storm technology
The database breaching technology itself should be among the ranks of script vulnerabilities. The reason why I came here is because it plays an important role in database download vulnerabilities. If you are careful, readers will find that the above techniques can only be implemented if you know the database name. But many times we simply cannot know the name of the database. At this time, we may feel very frustrated and cannot continue. However, the emergence of database rioter technology can not only wipe out our frustration, but also allow us to truly integrate the previous technologies.
Many people always write this way when writing data connection files using ASP:
... db="data/rds_dbd32rfd213fg.mdb" Set conn = Server.CreateObject("ADODB.Connection") connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db) conn.Open connstr function CloseDatabase Conn.close Set conn = Nothing …This statement seems to be fine, and the database name is very strange. Without the database riot technology, we can guess that the probability of such a database name is almost zero. But such a short sentence hides infinite information. It can be said that most programs on the Internet have this vulnerability. We can just replace the address bar with %5c before the data connection file conn.asp (usually this) to the database. I don’t need to say what’s next, right? There is nothing that cannot be done as long as you use your brain.
This article introduces the analysis of ASP database download vulnerabilities, and vulnerabilities are everywhere. Therefore, it is necessary for us to understand some attack methods to enhance our security skills.