Gwaji Na SQL Inganta Inuwa

Maganin Injection na SQL ya kawo babban hadari ga aikace-aikacen yanar gizon da ke dogara da bayanan bayanan yanar gizo don samar da abun ciki mai dadi. A irin wannan harin, masu amfani da na'ura suna amfani da aikace-aikacen yanar gizon a cikin ƙoƙari na aiwatar da ka'idojin kansu na SQL a cikin wadanda aka samar da su. Alal misali, duba labarin SQL Injection Attacks on Databases. A cikin wannan labarin, zamu dubi hanyoyi da dama da za ku iya gwada aikace-aikacen yanar gizonku domin sanin ko suna da alaka da hare-haren SQL Injection.

Binciken Injection na Inji ta atomatik

Ɗaya daga cikin yiwuwar yin amfani da na'ura mai kwakwalwa ta yanar gizo mai kwakwalwa, kamar HPI WebInspect, IBM's AppScan ko Cenzic's Hailstorm. Wadannan kayan aikin duk suna da sauƙi, hanyoyi masu sarrafawa don nazarin aikace-aikacen yanar gizonku don halayewa na SQL Injection vulnerabilities. Duk da haka, suna da tsada sosai, suna gudana har zuwa $ 25,000 kowace wurin zama.

Binciken Turawa na SQL Manual

Mene ne mai samar da aikace-aikace mara kyau? Kuna iya tafiyar da wasu gwaje-gwaje na ainihi don kimanta aikace-aikacen yanar gizonku na SQL Injection vulnerabilities ta yin amfani da kome ba fiye da burauzar yanar gizo ba. Na farko, kalma na taka tsantsan: gwaje-gwajen da na fadi kawai na nema asali na asali na SQL Injection. Ba za su gano hanyoyin da aka ci gaba ba kuma suna da mahimmanci don amfani. Idan zaka iya samun shi, tafi tare da na'urar daukar hotunan atomatik. Duk da haka, idan baza ku iya ɗaukar wannan farashin farashin ba, jarrabawar littattafan abu ne na farko.

Hanyar da ta fi dacewa don kimanta ko aikace-aikacen yana da wuya shi ne gwaje-gwaje tare da hare-haren da ba su da kyau wanda ba zai cutar da ka ba idan sun yi nasara amma zai ba ka shaida cewa kana buƙatar gyara matsalar. Alal misali, kana zaton kana da aikace-aikacen yanar gizo mai sauƙi wanda ke duba mutum a cikin wani bayanan yanar gizo kuma ya bada bayanin hulɗa a sakamakon. Wannan shafi na iya amfani da tsarin URL ɗin da ya biyo baya:

http://myfakewebsite.com/directory.asp?lastname=chapple&firstname=mike

Za mu iya ɗauka cewa wannan shafin yana yin bincike kan bayanan bayanai, ta amfani da tambaya kamar wannan:

KASHE waya daga DAGA WHERE sunan mai suna = 'chapple' da sunan farko = 'mike'

Bari mu gwada da wannan a bit. Tare da tunaninmu a sama, zamu iya sauya canje-canje ga URL ɗin da gwaje-gwaje don hare-haren injection na SQL:

http://myfakewebsite.com/directory.asp?lastname=chapple&firstname=mike'+AND+(select+count(*)+from+fake)+%3e0+OR+'1'%3d'1

Idan ba a kiyaye kariya ta yanar gizo ba tare da allurar SQL ba, to kawai ta ɗaura wannan sunan farko a cikin bayanin SQL wanda yake aiwatarwa akan database, wanda ya haifar da:

SANTA waya daga LITTAWA inda ake kira = 'chapple' da sunan farko = 'mike' DA (zaɓi ƙidaya (*) daga karya)> 0 Ko '1' = '1'

Za ku lura cewa labaran da ke sama yana da ɗan bambanci fiye da wannan a cikin asalin URL. Na dauki 'yancin yada canjin da aka sanya ta URL don samfurori na ASCII don sauƙaƙe don bi misali. Alal misali,% 3d shine URL-encoding don '=' hali. Na kuma kara wa] ansu wa] ansu hanyoyi don irin wannan manufa.

Bayyana sakamakon

Tambaya ta zo ne lokacin da kake ƙoƙarin ɗaukar shafin yanar gizon tare da URL da aka jera a sama. Idan aikace-aikacen yanar gizon yana da kyau sosai, zai kawar da ƙididdiga guda daga shigarwa kafin wucewa tambaya zuwa database. Wannan zai haifar da wani abu mai ban mamaki ga wani tare da sunan farko wanda ya hada da bunch of SQL! Za ku ga saƙon kuskure daga aikace-aikace kamar wannan a ƙasa:

Kuskure: Ba mai amfani da sunan mike + DA + (zaɓi + ƙidaya (*) + daga + karya) +% 3e0 + KO + 1% 3d1 Chapple!

A gefe guda, idan aikace-aikacen yana da ƙyama ga allurar SQL, zai zartar da sanarwa ta kai tsaye zuwa database, wanda ya haifar da ɗaya daga cikin hanyoyi guda biyu. Na farko, idan uwar garkenka na da cikakkun saƙonnin kuskuren (wanda bai kamata ba!), Za ku ga wani abu kamar haka:

Mai ba da Microsoft OLE DB don ODBC Drivers kuskure '80040e37' [Microsoft] [ODBC Drivers SQL Server] [SQL Server] Sunan abu mara inganci 'karya'. /directory.asp, layin 13

A gefe guda, idan uwar garken yanar gizonku ba ya nuna saƙonnin kuskuren cikakken, za ku sami ƙarin kuskuren jinsi, kamar:

Kuskuren Intanit na Intanit uwar garken ya ci karo da ɓataccen ɓataccen ko kuskuren ciki kuma bai iya kammala buƙatarku ba. Da fatan a tuntuɓi mai gudanarwa uwar garken don sanar da lokacin da kuskure ya faru da kuma wani abu da ka iya yi wanda zai haifar da kuskure. Ƙarin bayani game da wannan kuskure na iya zama samuwa a cikin ɓoye kuskure ɗin uwar garke.

Idan ka karɓi ko dai daya daga cikin kurakurai guda biyu a sama, aikace-aikacenka zai iya kaiwa harin kai na SQL! Wasu matakai da za ku iya ɗaukar don kare aikace-aikacenku game da hare-haren SQL Injection sun hada da:

• Yi aiwatar da dubawa a kan dukkan aikace-aikacen. Alal misali, idan kana tambayar wani don shigar da lambar abokin ciniki, tabbatar da shigarwar yana ƙidayar kafin aiwatar da tambaya .
• Ƙayyade izini na asusun da ke aiwatar da tambayoyi na SQL . Matsayi mafi rinjaye ya shafi. Idan asusun da aka yi amfani da shi don aiwatar da tambaya ba shi da izinin kashe shi, ba zai yi nasara ba!
• Yi amfani da hanyoyin da aka adana (ko kuma irin wannan fasaha) don hana masu amfani daga hulɗar kai tsaye tare da lambar SQL.