3

Nessus Vulnerability Scanner 针对旧代码网站运行。关于如何使用 PHP 防止空字节注入攻击有很多建议,但我找不到任何关于在经典 ASP 中使用 VBScript 解决此问题的任何信息。

这是扫描仪对我们公共站点的攻击:

http://www.mortgagedataweb.com/mds/marketshare/ParmsV2.asp?Menu=%00<"kzwezl%20>

我试图在QueryString输入中添加有效性检查,但我的努力没有奏效。结果掩盖了%00我检查正确值的尝试。以下是一些相关的代码片段:

Function getUserInput(input)    
    Dim newString
    If Len(input) = 0 Then
        getUserInput = ""
        Exit Function
    End If
    newString = input        'this was omitted in original post but was in fact in the code
    newString = Replace(newString, Chr(0), "")  'I thought this would fix it !  
    newString = Replace(newString, "--", "")
    newString = Replace(newString, ";", "")          
    newString = Replace(newString, Chr(34),"'") 
    newString = Replace(newString, "'", "") 
    newString = Replace(newString, "=", "=") 
    newString = Replace(newString, "(", "[") 
    newString = Replace(newString, ")", "]")
    newString = Replace(newString, "'", "''")
    newString = Replace(newString, "<", "[")
    newString = Replace(newString, ">", "]")  
    newString = Replace(newString, "/*", "/") 
    newString = Replace(newString, "*/", "/")
    getUserInput = newString
End Function

implied_Menu = UCase(getUserInput(Request.QueryString("Menu")))  'store Menu value for Fast-Path link
Select Case implied_Menu
    Case "FHA_ZP", "C_ZP", "J_ZP", "F_ZP"
        implied_SQLName = MARKETSHAREZip
    Case "P_ALL", "P_MA", "P_ST", "P_ZP", "P_CT", "P_NATION"
        implied_SQLName = PMIMARKETSHARE
    Case "FHA_ALL_D", "FHA_MA_D", "FHA_ST_D", "FHA_CT_D", "FHA_ZP_D", "FHA_NATION_D"
        implied_SQLName = FHAMARKETSHAREDETAILS
    Case ""
        implied_SQLName = MARKETSHARE
    Case Else
        Response.Write("<h2>Invalid Menu parameter</h2>")
        Response.End
End Select

正确的菜单值是:

  • 完全失踪(即Menu=不在QueryString
  • Select Case上述逻辑中勾画的一系列有效值的一部分

在我的开发机器上,我可以更改%00%0并用Response.Write消息标记错误 then Response.End,但是关于它的某些内容%00超出了我的检查尝试。

4

1 回答 1

2

我建议用正则表达式处理这个问题:

function getUserInput(sInput)
    Dim obj_regex
    Set obj_regex = New RegExp

    obj_regex.IgnoreCase = true
    obj_regex.Global = true
    obj_regex.Pattern = "\W"

    getUserInput = obj_regex.Replace(sInput, "")
    set obj_regex = Nothing
end function

由于您的所有菜单条目都只有字母数字字符和下划线,因此您可以替换所有其他字符。

于 2016-11-04T14:38:11.023 回答