Nessus漏洞掃描程序針對遺留代碼網站運行。有很多關於如何防止使用PHP的空字節注入攻擊的建議,但我無法找到任何有關使用VBScript在傳統ASP中修復此問題的任何建議。如何防止來自查詢字符串的空字節注入
這裏的掃描儀對我們的公共網站的攻擊:
http://www.mortgagedataweb.com/mds/marketshare/ParmsV2.asp?Menu=%00<"kzwezl%20>
我試圖添加有效性檢查到QueryString
輸入,但我的努力都沒有奏效。關於%00
的一些結果掩蓋了我試圖檢查正確值的嘗試。這裏有一些相關的代碼片段:
Function getUserInput(input)
Dim newString
If Len(input) = 0 Then
getUserInput = ""
Exit Function
End If
newString = input 'this was omitted in original post but was in fact in the code
newString = Replace(newString, Chr(0), "") 'I thought this would fix it !
newString = Replace(newString, "--", "")
newString = Replace(newString, ";", "")
newString = Replace(newString, Chr(34),"'")
newString = Replace(newString, "'", "")
newString = Replace(newString, "=", "=")
newString = Replace(newString, "(", "[")
newString = Replace(newString, ")", "]")
newString = Replace(newString, "'", "''")
newString = Replace(newString, "<", "[")
newString = Replace(newString, ">", "]")
newString = Replace(newString, "/*", "/")
newString = Replace(newString, "*/", "/")
getUserInput = newString
End Function
implied_Menu = UCase(getUserInput(Request.QueryString("Menu"))) 'store Menu value for Fast-Path link
Select Case implied_Menu
Case "FHA_ZP", "C_ZP", "J_ZP", "F_ZP"
implied_SQLName = MARKETSHAREZip
Case "P_ALL", "P_MA", "P_ST", "P_ZP", "P_CT", "P_NATION"
implied_SQLName = PMIMARKETSHARE
Case "FHA_ALL_D", "FHA_MA_D", "FHA_ST_D", "FHA_CT_D", "FHA_ZP_D", "FHA_NATION_D"
implied_SQLName = FHAMARKETSHAREDETAILS
Case ""
implied_SQLName = MARKETSHARE
Case Else
Response.Write("<h2>Invalid Menu parameter</h2>")
Response.End
End Select
是正確的菜單值之一:
- 完全缺失(即,
Menu=
不在QueryString
)系列有效的 - 部分值在
Select Case
邏輯上面勾畫
在我的開發機器上,我可以將%00
更改爲%0
,並將錯誤標記爲Response.Write
消息,然後Response.End
,但有關%00
的內容會超出我的檢查範圍。
在替換之前,您還沒有爲'newString'分配任何值。 –
像@ Kul-Tigin說的那樣,在開始在'newString'上調用'Replace()'之前,你需要將'input'賦給'newString',否則你將不會進行任何替換。 – Lankymart
我在將代碼粘貼到原始文章中時犯了一個錯誤。輸入值分配給newString實際上是在代碼中,但未能正確地將其轉換爲原始文章。問題依然存在。 –