I have long wanted to write about the file upload and database backup functions as an intrusion vector, but never got around to it. Today, after listening to the server security seminar organised by www.admin5.com, I decided to write it up.
When attackers obtain back-end (admin) permissions by whatever means (SQL injection, password cracking and so on), what they most want to find is the back-end file upload function and the database backup function, because this is the most important step of the intrusion, and also the most critical one. Why? The upload function lets them push a webshell (a "trojan" script) onto the server, but the shell is usually an ASP or PHP file, and web applications generally do not allow those types to be uploaded. So they change the shell's extension to JPG or GIF (images can mostly be uploaded to the server). Then the next problem: a shell with a JPG or GIF extension will not execute. What now? The database backup function. It can back up one file to a different file name, so they use it to copy the JPG/GIF shell to a new name with a normal ASP or PHP extension. Now the shell executes, and they can do whatever they like, ha ha.
Against the intrusion process described above, here is how to prevent it:
1. If the site uses an off-the-shelf web program, be sure to change the database file name and the default password, and change the back-end login path if you can;
2. Parameters in the program must be filtered to prevent injection! Do not judge the type of an uploaded file by its extension alone; check the actual file type (its content), and if the format does not match, terminate the upload immediately or delete the file;
3. If you run your own server, set the IIS permissions: set the upload folder's execute permission to none, so that even if a shell is uploaded and its extension is later changed, it cannot run;
4. If you are still not sure, find the files that implement the database backup function and delete them, ha ha.
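The check in point 2, as an added example (not code from the original post): an upload validator that ignores the client-supplied extension and decides on the file's bytes instead, rejecting a script disguised as an image and a valid image with script markers appended. The image signature list, the script marker list and the sample uploads are constructed for this example.

```python
import os
import secrets

# Magic-byte signatures for the image types the upload form is meant to accept
# (constructed allow-list for this example; extend it for the formats you serve).
IMAGE_SIGNATURES = {
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "png": [b"\x89PNG\r\n\x1a\n"],
}

# Byte sequences that mark server-side script content. A hit anywhere in the
# body is rejected even when the header is a valid image (image/script polyglot).
SCRIPT_MARKERS = [b"<?php", b"<?=", b"<%", b"<script"]


def detect_image_type(data: bytes):
    """Return the image type implied by the file header, or None if unknown."""
    for ext, sigs in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in sigs):
            return ext
    return None


def validate_upload(filename: str, data: bytes):
    """Decide whether an upload may be stored.

    Returns (accepted, reason, safe_name). The stored name is random and its
    extension comes from the detected content, never from the client, and a
    file whose content is not purely an image is refused outright.
    """
    detected = detect_image_type(data)
    if detected is None:
        return False, "header is not a known image format", None
    if any(marker in data for marker in SCRIPT_MARKERS):
        return False, "image contains embedded script markers", None
    claimed = os.path.splitext(filename)[1].lower().lstrip(".")
    if claimed == "jpeg":
        claimed = "jpg"
    if claimed != detected:
        return False, f"extension .{claimed} does not match content ({detected})", None
    return True, "ok", f"{secrets.token_hex(16)}.{detected}"


if __name__ == "__main__":
    # Constructed sample uploads: a real JPEG header, and a PHP script named as a JPEG.
    print(validate_upload("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    print(validate_upload("photo.jpg", b"<?php echo 'hello'; ?>"))
```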