24 Deadly Sins of Computer Security
(Russian edition of "24 Deadly Sins of Software Security"; Russian title: "24 смертных греха компьютерной безопасности")

2010. 400 pp., ill.
UDC 004.49; BBK 32.973-018-07
ISBN 978-5-49807-747-5 (Russian edition)
ISBN 978-0071626750 (original English edition, McGraw-Hill, 2009)

Annotation. The book is the successor to "The 19 Deadly Sins of Software Security" and describes 24 classes of software security flaws (the "deadly sins"): how each one arises, how to spot it in code and by testing, and how to fix it. Among the authors are security specialists from Microsoft.

© McGraw-Hill, 2009 (original edition)
© Russian translation and edition, 2010
Rights to this edition were obtained by arrangement with McGraw-Hill. All rights reserved. No part of this book may be reproduced in any form without the written permission of the copyright holders.
Brief contents
(Chapter titles are given as in the English original, McGraw-Hill, 2009; page numbers refer to the Russian edition.)

Part I. Web Application Sins
1. SQL Injection ..... 37
2. Web Server-Related Vulnerabilities (XSS, XSRF, and Response Splitting) ..... 60
3. Web Client-Related Vulnerabilities (XSS) ..... 91
4. Use of Magic URLs, Predictable Cookies, and Hidden Form Fields ..... 102

Part II. Implementation Sins
5. Buffer Overruns ..... 115
6. Format String Problems ..... 134
7. Integer Overflows ..... 143
8. C++ Catastrophes ..... 167
9. Catching Exceptions ..... 179
10. Command Injection ..... 191
11. Failure to Handle Errors Correctly ..... 203
12. Information Leakage ..... 211
13. Race Conditions ..... 226
14. Poor Usability ..... 237
15. Not Updating Easily ..... 250
16. Executing Code with Too Much Privilege ..... 262
17. Failure to Protect Stored Data ..... 271
18. The Sins of Mobile Code ..... 284

Part III. Cryptographic Sins
19. Use of Weak Password-Based Systems ..... 297
20. Weak Random Numbers ..... 316
21. Using Cryptography Incorrectly ..... 332

Part IV. Networking Sins
22. Failing to Protect Network Traffic ..... 355
23. Improper Use of PKI, Especially SSL ..... 366
24. Trusting Network Name Resolution ..... 378
-
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
I.
1 . S Q L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 C W E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
L IX Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
-
8
..........................................................................................................................................41Perl/CGI ................................................................................................................................ 41Python......................................................................................................................................42Ruby on Rails...........................................................................................................................42JavanJDBC ...........................................................................................................................42C /C + + ......................................................................................................................................43SQL ......................................................................................................................................... 44 ..........................................................................................................45
............................................................................................................................ 46 .............................................................................................46 ...................................................................47....................................................................................................................................... 49
CVE-2006-4953 .....................................................................................................................50CVE-2006-4592 ......................................................................................................................50
..................................................................................................................... 51 .............................................................................................................51 SQ L ......................51C # ..............................................................................................................................................52 5.0/MySQL 4.1 ................................................................................................52Perl/CGI .................................................................................................................................53Python...................................................................................................................................... 53Java JD B C ............................................................................................................................. 54ColdFusion...............................................................................................................................55SQL ..........................................................................................................................................55 QUOTENAME REPLACE ..................................................................56 DBMS_ASSERT?....................................................................... 56 CAT.NET.....................................................................................................56
...................................................................................... 57 .....................................................57 URLScan.....................................................................................................57
.............................................................................................................................58............................................................................................................................................. 59
2. , - (XSS, XSRF )................. 60 ...........................................................................................................................60 CWE ...............................................................................................................................61 ...................................................................................................62 ................................................................................................................................. 62
XSS DOM ( 0 ) ........................................................................................62 XSS, XSS ( 1) ..................................... 62 XSS, XSS ( 2 ) .......................................65 H T T P .................................................................................................66 ........................................................................ 67Ruby on Rails (X S S )............................................................................................................. 68Ruby on Rails ( )..................................................................................68 CGI, Python (XSS) ............................................................69 CGI, Python ( )................................69ColdFusion (XSS) ................................................................................................................. 69C/C++ ISAPI (X SS)............................................................................................................. 69C/C++ ISAPI ( ) ................................................................................70
-
ASP (X S S )..............................................................................................................................70ASP ( ) ................................................................................................ 70 ASP.NET (XSS) ......................................................................................................70ASP.NET ( ).........................................................................................70JSP(XSS) .............................................................................................................................. 71JSP ( ).................................................................................................. 71 (XSS) ............................................................................................................................71 ( )................................................................................................ 71CGI/Perl (X S S ).....................................................................................................................71mod_perl (XSS) .................................................................................................................... 72modperl ( ).........................................................................................72 HTTP (XSRF) ......................................................................................................72
............................................................................................................................72 ..............................................................................................73
XSRF .........................................................74 .................................................................... 74.......................................................................................................................................75
CVE-2003-0712 Microsoft Exchange 5.5 Outlook Web Access X S S ............................. 75CVE-2004-0203 Microsoft Exchange 5.5 Outlook Web Access:
7fi ........................................................................................................ ' CVE-2005-1674 Help Center Live (XSS XSRF)..................76
(XSS ) ............................................................... 76Ruby on Rails (X S S )..............................................................................................................77ISAPI C/C++ (X SS)..............................................................................................................77Python (XSS) .........................................................................................................................78ASP (X S S ).............................................................................................................................. 78ASP.NET Web Forms (X S S ).................................................................................................79ASP.NET Web Forms (RS) ...................................................................................................79JSP (XSS) .............................................................................................................................. 80PHP(XSS) ............................................................................................................................ 82CGI (X S S ).............................................................................................................................. 82mod_perl (XSS) .....................................................................................................................83
(XSRF)......................................................................................................83 - ........................................................................................................... 83 PO ST/G ET........................................................................................................84Ruby on Rails (XSRF) ..........................................................................................................84ASP.NET Web Forms (XSRF) .............................................................................................84 HTML .......................................85
...........................................................................................86Cookie HttpOnly.............................................................................................. 86 ..............................................................................86 ASP.NET ViewStateUserKey ............................................................................86 ASP.NET ValidateRequest................................................................................. 87ASP.NET Security Runtime Engine ................................................................................... 87OWASP CSRFGuard ........................................................................................................... 87Apache::TaintRequest ........................................................................................................... 87UrlScan................................................................................................................................... 87 .......................................................................................88
............................................................................................................................88............................................................................................................................................ 89
9
-
10
. , - ( X S S ) ......................................................................................... 91 ........................................................................................................................... 91 CWE .............................................................................................................................. 93 ...................................................................................................93..................................................................................................................................93
..................................................................... 94JavaScript HTML............................................................................................................... 95
............................................................................................................................ 95 ...............................................................................................96 .....................................................................96....................................................................................................................................... 97
Microsoft ISA Server XSS CVE-2003-0526 ........................................................................97Windows Vista Sidebar CVE-2007-3033 CVE-2007-3032 ............................................97Yahoo! Instant Messenger ActiveX Control CVE-2007-4515 .......................................... 98
.....................................................................................................................98He ..........................................................98 ..................................................................................99
..................................................................................... 100 ...................................................................................................................... 100 ....................................................................................................................................... 100
4. URL, cookie ........................................ 102 .................................................................................................................... 102 WE ........................................................................................................................ 103 ............................................................................................ 103............................................................................................................................ 103
U R L ............................................................................................................. 103 cookie.................................................................................................... 104 ........................................................................................................ 104 .................................................................................................... 104
...................................................................................................................... 104 ......................................................................................... 105 ............................................................... 106................................................................................................................................. 107
CVE-2005-1784 ............................................................................................................... 107 ....................................................................................................... 107 ............................................................................ 107 ............................................................................ 108 ..................................................................................... 109 ....................................................................................... 110
................................................................................ 111 ...................................................................................................................... 111....................................................................................................................................... 111
II.
5. ................................................................................................................................................... 115 CWE ........................................................................................................................ 116 ............................................................................................ 117
-
11
............................................................................................................................ 11864- .................................................................................................... 121C /C + + ................................................................................................................................ 122 .................................................................................................... 124
...................................................................................................................... 125 ......................................................................................... 125 ............................................................... 126................................................................................................................................. 127
CVE-1999-0042 ............................................................................................................... 127CVE-2000-0389-CVE-2000-0392 ................................................................................ 127CVE-2002-0842, CVE-2003-0095, CAN-2003-0096 .................................................. 128AN-2003-0352 ................................................................................................................... 128
............................................................................................................... 129 .................................................. 129 ................................................................................. 129 ............................................................... 130 C++ ........................................................... 130 STL .................................................. 130 ................................................................................. 130 ................................................................................ 131 ..................................................................................................................... 131 ......................................................................................... 132
...................................................................................................................... 132....................................................................................................................................... 133
6. ...................................................................................................................................... 134 ..................................................................................................................... 134 WE ........................................................................................................................ 135 ............................................................................................ 135............................................................................................................................ 135
C /C + + ................................................................................................................................ 138 .................................................................................................... 139
...................................................................................................................... 139 ......................................................................................... 139 ............................................................... 140................................................................................................................................. 140
CVE-2000-0573 ............................................................................................................... 140CVE-2000-0844 ............................................................................................................... 140
............................................................................................................... 141C /C + + ................................................................................................................................ 141
............................................................................... 142 ...................................................................................................................... 142....................................................................................................................................... 142
7 . ................................................................................................................................ 143 ..................................................................................................................... 143 WE ........................................................................................................................ 144 ............................................................................................. 144............................................................................................................................ 144
-
12
C /C + + ............................................................................................................................... 145 ............................................................................................ 145 ......................................................................................... 147 ...................................................................................................... 150 ....................................................................................................... 150 64- .................................................................. 150 .................................................................................................. 152C # ....................................................................................................................................... 152 checked unchecked ........................................................................ 153Visual Basic Visual Basic .NET................................................................................... 154Java..................................................................................................................................... 155Perl..................................................................................................................................... 155
...................................................................................................................... 156 ......................................................................................... 156
C /C + + ............................................................................................................................... 157C # ....................................................................................................................................... 159Java..................................................................................................................................... 159Visual Basic Visual Basic .NET................................................................................... 159Perl..................................................................................................................................... 160
............................................................... 160................................................................................................................................. 160
SearchKit API Apple Mac OS X ................................................................................................ 160
Google Android S D K ............................................ 161
Windows Script Engine ......................................................................................... 161 H T R ............................................................................. 161
    SafeInt ............ 164
8. C++ ............ 167
    CWE ............ 168
    delete ............ 169
    STL ............ 172
    CVE-2008-1754 ............ 174
    new and delete ............ 175
    STL ............ 177
9. ............ 179
    CWE ............ 179
    C++ ............ 180
    C#, VB.NET and Java ............ 185
    Ruby ............ 186
    CVE-2007-0038 ............ 188
    C++ ............ 188
    SEH ............ 189
10. ............ 191
    CWE ............ 192
    CAN-2001-1187 ............ 197
    CAN-2002-0652 ............ 197
11. ............ 203
    CWE ............ 204
    C/C++ ............ 206
    C/C++ Windows ............ 207
    CVE-2007-3798 tcpdump print-bgp.c ............ 208
    CVE-2004-0077 Linux: do_mremap ............ 208
    C/C++ ............ 209
    C/C++ Microsoft Visual C++ ............ 209
12. ............ 211
    CWE ............ 212
    C# ............ 218
    CVE-2008-4638 ............ 221
    CVE-2005-1133 ............ 221
    C# ............ 222
13. ............ 226
    CWE ............ 227
    CVE-2008-0379 ............ 232
    CVE-2008-2958 ............ 233
    CVE-2001-1349 ............ 233
    CAN-2003-1073 ............ 233
    CVE-2000-0849 ............ 233
14. ............ 237
    CWE ............ 238
    SSL/TLS ............ 242
    Internet Explorer 4.0 ............ 243
15. ............ 250
    CWE ............ 251
    DNS ............ 253
    Apple QuickTime ............ 255
    Microsoft SQL Server 2000 ............ 256
    Google Chrome ............ 256
    DNS ............ 259
16. ............ 262
    CWE ............ 263
    Windows, C++ ............ 267
    Linux, BSD and Mac OS X ............ 269
    .NET ............ 270
17. ............ 271
    CWE ............ 272
    ACL Windows ............ 273
    UNIX ............ 273
    CVE-2000-0100 ............ 280
    CVE-2005-1411 ............ 280
    CVE-2004-0907 ............ 280
    C++ Windows ............ 281
    C# Windows ............ 282
    C/C++ (GNOME) ............ 282
18. ............ 284
    CWE ............ 286
    CVE-2006-2198 ............ 289
    CVE-2008-1472 ............ 290
    CVE-2008-5697 ............ 290
III.
19. ............ 297
    CWE ............ 298
    Microsoft Office ............ 307
    Adobe Acrobat ............ 308
    WU-ftpd ............ 308
    CVE-2005-1505 ............ 308
    CVE-2005-0432 ............ 309
    TENEX ............ 309
20. ............ 316
    CWE ............ 316
......................................................................................................... 320 ...................................................................................................................... 320 ............................................................................... 321
.................................................... 321 .............................................................................. 321 ...................................................... 322
............................................................... 323................................................................................................................................. 323
TCP/IP ....................................................................................... 323 O D F ................................................................... 323CVE-2008-0166: Debian ............................ 325 Netscape............................................................................................................. 325
............................................................................................................... 325Windows, C + + ........................................................................................................... 325Windows TPM (Trusted Platform M odule)....................................... 326
19
-
20
.NET .................................................................................................................. 327U N IX ................................................................................................................................. 327Java..................................................................................................................................... 328
............................................................. 329 ............................................................................... 329 ...................................................................................................................... 330....................................................................................................................................... 330
2 1 . ...................................................................................................................... 332 .................................................................................................................... 332 CWE ........................................................................................................................ 333 ............................................................................................ 333............................................................................................................................ 333
......................................................... 333 ,
.................................................... 334 ..................................... 334 .......................... 335 ......................................... 338 ......................................... 338 ...................................................................................................... 338 ...................................................... 338 ...................................................................... 339 ............................................................................. 339 ............................................................................... 340
......................................................................................................... 340 ...................................................................................................................... 340 ............................................................................... 341
(VB.NET C + + ) .......................... 341 ,
.................................................... 342 (C# C++) ............... 342
(Ruby, C# C + + )...................................................................................................... 342 ......................................... 343 ......................................... 343
............................................................... 343................................................................................................................................. 343
.................................................................... 343 XOR Microsoft Office............................................................................ 344Adobe Acrobat KDF Microsoft Office....................................................... 344
............................................................................................................... 345 ......................................................... 345 ,
.................................................... 345 ......................................... 345 .......................... 345.................................................................................................................. 346 ................................................ 347 ...................................................................................................... 347
-
21
...................................................... 347 ...................................................................... 348 .............................................................................. 348 ............................................................................... 349 ......................................... 349
................................................................................ 350 ...................................................................................................................... 350....................................................................................................................................... 350
IV.
22. ...................................................................................................................... 355 .................................................................................................................... 355
C W E ................................................................................................................... 356 ............................................................................................ 356............................................................................................................................ 356 ......................................................................................................... 360 ...................................................................................................................... 361 ............................................................................... 361 ............................................................... 361................................................................................................................................. 362
T C P /IP .............................................................................................................................. 362 ................................................................................... 363E*TRADE ........................................................................................................................ 363
............................................................................................................... 363 ............................................................................... 364 ...................................................................................................................... 364....................................................................................................................................... 364
23. PKI ( S S L ) ........................................................................ 366 .................................................................................................................... 366 CWE ........................................................................................................................ 367 ............................................................................................ 368............................................................................................................................ 368
.................................................................................................... 369 ...................................................................................................................... 369 ............................................................................... 369 ............................................................... 371................................................................................................................................. 372
CVE-2007-4680 ............................................................................................................... 372CVE-2008-2420 ............................................................................................................... 372
............................................................................................................... 372 ................................................................. 373 .................................................................................................... 374 ..................................................................................... 375 PKI ..................................... 376
................................................................................ 376 ...................................................................................................................... 376....................................................................................................................................... 377
-
22
24. ............................................................................ 378 .................................................................................................................... 378 CWE ........................................................................................................................ 379 ............................................................................................ 379............................................................................................................................ 379
....................................................................................................... 382 .................................................................................................... 383
...................................................................................................................... 383 ............................................................................... 384 ............................................................... 384................................................................................................................................. 385
CVE-2002-0676 ............................................................................................................... 385CVE-1999-0024 ............................................................................................................... 385
............................................................................................................... 386 ...................................................................................................................... 387....................................................................................................................................... 387
.................................................................................................................................................................... 388
Sin 1. SQL Injection

Overview of the sin

SQL injection is the attack in which untrusted input is pasted into a SQL statement and changes the statement's meaning, so that data the attacker supplied becomes part of the query the database executes. The consequence is not just disclosure of the data behind the application (and the database is usually the most valuable asset the application guards!): depending on the database engine and the privileges of the account the application uses, the attacker can modify or delete data and, on some servers, run commands on the database host.
SQL injection is not confined to web applications; any code that talks to a database can be affected, and the database server itself is often reachable over the network on a well-known port:

    TCP/1433   Microsoft SQL Server
    TCP/1521   Oracle
    TCP/523    IBM DB2
    TCP/3306   MySQL

A database server that exposes one of these ports to an untrusted network is a target in its own right, whether or not the application in front of it is sinful!
Beyond the direct damage, a SQL injection that exposes customer data has legal and regulatory consequences. The chapter cites several regimes under which a breach caused by an injection flaw is a compliance failure:

    - Germany: section 9 of the Federal Data Protection Act (BDSG), which obliges anyone processing personal data to take technical and organizational measures to protect it;
    - United States: section 404 of the Sarbanes-Oxley Act of 2002, on internal controls over financial reporting;
    - the Payment Card Industry Data Security Standard (PCI DSS): requirement 6.5.6 names injection flaws, particularly SQL injection, among the web application vulnerabilities (with reference to the OWASP guide) that must be prevented during development, and requirement 6.6 requires public-facing web applications to be reviewed for such flaws or shielded by an application-layer firewall;
    - the Health Insurance Portability and Accountability Act of 1996 (HIPAA), whose security rule requires covered entities to protect electronic health information against unauthorized access, use and disclosure.

PCI DSS is the most explicit of these: it names SQL injection by name, so an exploitable injection flaw in a system that handles cardholder data is a direct violation of the standard. The others do not mention SQL, but a breach through an injection flaw is exactly the kind of failure of "appropriate technical measures" they penalize.
CWE references

The Common Weakness Enumeration (CWE) entry for this sin is a member of the CWE/SANS Top 25 most dangerous programming errors:

    CWE-89: Failure to Preserve SQL Query Structure (SQL injection)

Affected languages

Any language that talks to a database can commit this sin: Perl, Python, Ruby, Java, the server-side scripting languages (PHP, ASP, ASP.NET, JSP and others), C# and VB.NET. C and C++ are affected through database libraries (for example FairCom c-tree or the Microsoft Foundation Classes). And SQL itself is affected: a stored procedure that builds dynamic SQL from its parameters is just as sinful as application code that does so.
The sin explained

The root of the problem is trusting user input: the application takes data from the user (a form field, a URL parameter, a cookie, a header) and uses it, unvalidated, to build a SQL statement by string concatenation or string replacement. The database cannot tell which part of the resulting string the developer wrote and which part the user supplied; it parses and executes all of it. This is not a failure of the database: the SQL engine does exactly what it is told!

Sinful code

The following listings show the sin in several languages; in every one of them the statement is assembled from untrusted data.
LINQ

Microsoft .NET Framework 3.5 introduced LINQ (Language Integrated Query), which lets the developer express queries in C# or VB.NET without writing SQL; LINQ to SQL translates the expression into a parameterized SQL statement, so a query written this way is not subject to injection. The LINQ query:

    var q =
        from c in db.Customers
        where c.City == "Austin"
        select c.ContactName;

The SQL that LINQ to SQL generates for it (note that the city travels as the parameter @p0 rather than being pasted into the statement text):

    SELECT [t0].[ContactName]
    FROM [dbo].[Customers] AS [t0]
    WHERE [t0].[City] = @p0
    -- @p0: Input NVarChar (Size = 6; Prec = 0; Scale = 0) [Austin]
C#

Classic sinful ADO.NET data access:

    using System.Data;
    using System.Data.SqlClient;
    ...
    string status = "";
    string ccnum = "None";
    string sqlstring = "";
    try {
        SqlConnection sql = new SqlConnection(
            @"data source=localhost;" +
            "user id=sa;password=pAs$w0rd;");
        sql.Open();
        // The sin: Id comes from the user and is concatenated into the statement
        sqlstring = "SELECT ccnum" +
            " FROM cust WHERE id=" + Id;
        SqlCommand cmd = new SqlCommand(sqlstring, sql);
        ccnum = (string)cmd.ExecuteScalar();
    } catch (SqlException se) {
        status = sqlstring + " failed\n\r";
        foreach (SqlError e in se.Errors) {
            status += e.Message + "\n\r";
        }
    }

The following variant, which builds the statement by string replacement instead of concatenation, is just as sinful:

    string sqlstring = "SELECT ccnum" +
        " FROM cust WHERE id=%ID%";
    string sqlstring2 = sqlstring.Replace("%ID%", id);
PHP

PHP is affected in exactly the same way: the id taken from the request is concatenated into the query string that is handed to mysql_query().

Perl

Perl code using DBI commits the same sin. The statement is built by interpolating the request parameter into the string, then prepared and executed, and the rows are dumped to the page:

    use DBI;
    # (the connect, "SELECT ccnum FROM cust WHERE id = $id" interpolation,
    #  prepare and execute lines precede this fragment)
    while (@row = $sth->fetchrow_array) {
        print "@row";
    }
    $dbh->disconnect;
    print "";
    exit;
Python

Python is a popular scripting language with database modules for MySQL, Oracle and SQL Server, as well as Microsoft Open Database Connectivity (ODBC); all of them follow the Python DB-API. Here is the sin with MySQLdb:

    import MySQLdb
    conn = MySQLdb.connect(host="127.0.0.1", port=3306, user="admin",
                           passwd="N01WillGue$S", db="clientsDB")
    cursor = conn.cursor()
    # The sin: id is concatenated into the statement instead of being bound
    cursor.execute("select * from customer where id=" + id)
    results = cursor.fetchall()
    conn.close()
Ruby on Rails

Ruby is a scripting language; Rails is its popular web framework, built on the model-view-controller (MVC) pattern with ActiveRecord as the data layer. ActiveRecord makes injection easy to avoid, yet the sin is still possible when a condition is built by string interpolation:

    Post.find(:first, :conditions => ["title = #{params[:search_string]}"])

Dangerous! The search string from the request is interpolated straight into the condition text. (The safe form binds it instead: :conditions => ["title = ?", params[:search_string]].)

Note on Rails 2.1: ActiveRecord itself was subject to SQL injection through the :limit and :offset options; the fix shipped in the Rails 2.1 line, so applications on earlier Rails releases are vulnerable even when their own code is careful. Upgrade.
Java

JDBC is the standard Java database interface; the sinful code looks like this:

    import java.sql.*;

    public static boolean doQuery(String Id) {
        Connection con = null;
        try {
            Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
            con = DriverManager.getConnection("jdbc:microsoft:sqlserver: " +
                "//localhost:1433", "sa", "$3cre+");
            Statement st = con.createStatement();
            // The sin: Id is concatenated into the statement
            ResultSet rs = st.executeQuery(
                " SELECT ccnum FROM cust WHERE id=" + Id);
            while (rs.next()) {
                // process the result set
            }
            rs.close();
            st.close();
        } catch (SQLException e) {
            // Oops!
            return false;
        } catch (ClassNotFoundException e2) {
            // Driver not found
            return false;
        } finally {
            try {
                if (con != null) con.close();
            } catch (SQLException e) {}
        }
        return true;
    }
C/C++

C and C++ are used less often for database access, but libraries do exist, and C++ is also the language in which developers are most likely to write their own escaping routine, and to get the surrounding code wrong!

Can you see the sin in this C++ function? Look closely: the escaping is not the bug.

    int BuildPwdChange(const char* szUid,
                       const char* szOldPwd,
                       const char* szNewPwd,
                       _In_z_count_(cchSQL) char *szSQL,
                       DWORD cchSQL) {
        int ret = 0;
        if (!szUid || !szOldPwd || !szNewPwd)
            return ret;
        char* szEscapeUid = (char*)malloc(strlen(szUid) * 2);
        char* szEscapeOldPwd = (char*)malloc(strlen(szOldPwd) * 2);
        char* szEscapeNewPwd = (char*)malloc(strlen(szNewPwd) * 2);
        if (szEscapeUid && szEscapeOldPwd && szEscapeNewPwd) {
            // Escape() returns a quoted copy of its argument (the malloc'd
            // buffers above are overwritten and leaked, but that is not the sin)
            szEscapeUid = Escape(szUid);
            szEscapeOldPwd = Escape(szOldPwd);
            szEscapeNewPwd = Escape(szNewPwd);
            sprintf_s(szSQL, cchSQL,
                      "update Users set pwd='%s' where uid='%s' AND pwd='%s'",
                      szEscapeNewPwd, szEscapeUid, szEscapeOldPwd);
            ret = 1;
        }
        if (szEscapeUid) free(szEscapeUid);
        if (szEscapeOldPwd) free(szEscapeOldPwd);
        if (szEscapeNewPwd) free(szEscapeNewPwd);
        return ret;
    }

The problem is the sprintf_s call, or rather what the code never checks: its return value and the length of the output. Suppose szSQL is 100 characters long. The attacker controls the user name and the new password, so their lengths can be chosen such that the formatted statement is cut exactly after the closing quote of uid='...', and the "AND pwd='...'" clause never makes it into szSQL. The statement that reaches the database is

    update Users set pwd='xyzzy' where uid='mikeh'

and mikeh's password has been changed to xyzzy without the attacker ever knowing the old one.

A caveat on the exact API: the Annex K sprintf_s (and the Microsoft CRT implementation) does not truncate; when the buffer is too small it fails and reports the error instead (Annex K sets the buffer to an empty string), so this particular attack fails even though the code still ignores the return value. The silent truncation described above is exactly the behaviour of snprintf, _snprintf and _snprintf_s with _TRUNCATE, which is what hand-written SQL builders commonly use. Either way the lesson is the same: a SQL statement assembled in a fixed-size buffer is a statement whose meaning the attacker can change, and the robust fix is not to assemble it at all but to bind parameters.
SQL

Stored procedures are not a cure for SQL injection: the procedure itself can commit the sin by building and executing dynamic SQL. The blatant form simply executes whatever it is given!

    CREATE PROCEDURE dbo.doQuery(@query nchar(128))
    AS
        exec(@query)
    RETURN

This variant is subtler and easier to miss in review, but just as dangerous:

    CREATE PROCEDURE dbo.doQuery(@id nchar(128))
    AS
        DECLARE @query nchar(256)
        SELECT @query = 'select ccnum from cust where id = ''' + @id + ''''
        EXEC(@query)
    RETURN

Note that the string concatenation operator differs between databases: + in Transact-SQL, || in Oracle and standard SQL, and functions such as CONCAT() or CONCATENATE(); when reviewing, look for all of them.

In every listing above the problem is the variable Id (or id, or @id): it comes from the user, typically a form field or a query-string parameter, the code assumes it is a number, and an attacker can send something other than a number.
How does the attack work? Suppose Id is supposed to be a number, and the attacker instead sends

    1 or 2>1 --

The sinful code then executes

    SELECT ccnum FROM cust WHERE id=1 or 2>1 --

(if you come from bash, 2>1 looks like a redirection of stderr; here it is a comparison). Since 2>1 is always true, the WHERE clause matches every row of cust, and the query returns every customer's card number. The textbook form of this tautology is 1=1, which is also the form many intrusion detection systems (IDS) look for, so attackers use equivalents such as 2>1 that the signature does not match.

The -- at the end starts a SQL comment, which discards whatever the original statement had after the injection point (a closing quote, further conditions) so that the modified statement still parses. Comment syntax depends on the database: MySQL requires whitespace after -- and also accepts #.
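The tautology above and the truncation attack on BuildPwdChange, carried out against a real database, as an added example (this is not code from the book): Python with the built-in sqlite3 module, an in-memory database with constructed sample rows, and the sinful string-building side by side with the parameterized form. The C formatter's silent truncation is emulated by slicing the statement to the buffer length; the table and column names follow the chapter's listings, while the sample data, the naive IDS signature and the padding arithmetic are this example's own.

```python
import sqlite3

CCH_SQL = 100  # size of the szSQL buffer assumed in the chapter's discussion


def make_db():
    """Constructed sample data: the cust and Users tables the listings query."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE cust (id INTEGER PRIMARY KEY, ccnum TEXT)")
    con.executemany("INSERT INTO cust VALUES (?, ?)", [
        (1, "4111-1111-1111-1111"),
        (2, "5500-0000-0000-0004"),
        (3, "3400-0000-0000-009"),
    ])
    con.execute("CREATE TABLE Users (uid TEXT PRIMARY KEY, pwd TEXT)")
    con.executemany("INSERT INTO Users VALUES (?, ?)",
                    [("mikeh", "s3cret"), ("alice", "hunter2")])
    return con


# --- 1. The tautology against "SELECT ccnum FROM cust WHERE id=" ---------------

def sinful_ccnums(con, user_id):
    """String concatenation, exactly as in the C#, Java and Python listings."""
    sql = "SELECT ccnum FROM cust WHERE id=" + user_id
    return [row[0] for row in con.execute(sql)]


def redeemed_ccnums(con, user_id):
    """Validate the type, then bind the value: the input is never parsed as SQL."""
    try:
        id_value = int(user_id)
    except ValueError:
        return []  # not a number: reject it, do not guess
    return [row[0] for row in
            con.execute("SELECT ccnum FROM cust WHERE id=?", (id_value,))]


def naive_ids_flags(user_id):
    """A signature that only knows the textbook '1=1' misses the equivalent '2>1'."""
    return "1=1" in user_id.replace(" ", "")


# --- 2. The truncation attack on BuildPwdChange ---------------------------------

def escape(s):
    """The quoting the C listing does correctly: double every single quote."""
    return s.replace("'", "''")


def build_pwd_change_truncating(uid, old_pwd, new_pwd, cch_sql=CCH_SQL):
    """Emulates the C listing with a silently truncating formatter (snprintf-style):
    the statement is cut to cch_sql-1 characters and the cut is never checked."""
    sql = "update Users set pwd='%s' where uid='%s' AND pwd='%s'" % (
        escape(new_pwd), escape(uid), escape(old_pwd))
    return sql[:cch_sql - 1]


def forge_new_password(uid, wanted, cch_sql=CCH_SQL):
    """Attacker side: pad the new password so the cut lands right after uid='...',
    dropping the AND pwd= check.  The padding arithmetic is this example's own."""
    fixed = len("update Users set pwd='' where uid='%s'" % escape(uid))
    pad = cch_sql - 1 - fixed - len(wanted)
    if pad < 0:
        raise ValueError("buffer too small to place the cut after the uid")
    return wanted + "A" * pad


def sinful_change_password(con, uid, old_pwd, new_pwd, cch_sql=CCH_SQL):
    """Runs the truncated statement and returns the password now stored for uid."""
    con.execute(build_pwd_change_truncating(uid, old_pwd, new_pwd, cch_sql))
    return con.execute("SELECT pwd FROM Users WHERE uid=?", (uid,)).fetchone()[0]


def redeemed_change_password(con, uid, old_pwd, new_pwd):
    """Parameters bound, no buffer, and the row count is checked: False means the
    old password did not match and nothing was changed."""
    cur = con.execute("UPDATE Users SET pwd=? WHERE uid=? AND pwd=?",
                      (new_pwd, uid, old_pwd))
    return cur.rowcount == 1


if __name__ == "__main__":
    con = make_db()
    print(sinful_ccnums(con, "1 or 2>1 --"))      # every card number in the table
    print(redeemed_ccnums(con, "1 or 2>1 --"))    # []
    forged = forge_new_password("mikeh", "xyzzy")
    print(build_pwd_change_truncating("mikeh", "wrong", forged))
    print(sinful_change_password(con, "mikeh", "wrong", forged) == forged)  # True
    print(redeemed_change_password(con, "mikeh", "wrong", forged))          # False
```

Note that the truncated UPDATE is syntactically complete, which is why the database accepts it without complaint; the parameterized version has no buffer to overflow and additionally checks the row count, so a wrong old password is reported rather than silently ignored.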
Related sins

An application that commits this sin usually commits others. The query above hands back credit card numbers in the clear, which means they were stored unprotected in the first place: that is Sin 17. And the sinful listings return the database's error messages to the user, which tells the attacker exactly how the statement is parsed and what the table and column names are: that is Sin 11.

Spotting the sin pattern

Any application with the following pattern is at risk:

    - it takes user input;
    - it does not check that input for validity;
    - it uses the input to query a database;
    - it builds the statement by string concatenation or string replacement, or executes it with the SQL exec command (or the database's equivalent).
Spotting the sin during code review

Finding this sin in code review is straightforward: first locate every place where the code talks to a database, then check how each statement is built. If the statement text is a constant and the data is bound as parameters, move on; if the text is assembled from variables by concatenation, replacement or formatting, you have found it. The constructs to look for, by language:

    Language                                        Key words to look for
    VB.NET                                          SqlClient, OracleClient, SqlDataAdapter
    C#                                              SqlClient, OracleClient, SqlDataAdapter
    PHP                                             mysql_connect
    Perl                                            DBI, Oracle, SQL
    Ruby on Rails                                   ActiveRecord
    Python (MySQL)                                  MySQLdb
    Python (Oracle, see zope.org)                   DCOracle2
    Python (SQL Server, see object-craft.com.au)    pymssql
    Java (including JDBC)                           java.sql, sql
    Active Server Pages                             ADODB
    C++ (Microsoft Foundation Classes)              CDatabase
    C/C++ (MySQL)                                   #include <mysql++.h>, #include <mysql.h>
    C/C++ (ODBC)                                    #include <sql.h>
    C/C++ (ADO)                                     ADODB, #import msado15.dll
    SQL                                             exec, execute, sp_executesql
    ColdFusion                                      cfquery

Once you have found the database code, trace every input that reaches it back to its source. Do not assume that the only entry point is a web form: the data may arrive through a SOAP request, a command-line argument, a file or another service, and every one of those paths is untrusted!
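The grep-style review the table describes, as an added example (not from the book): a small Python scanner that looks for the database-access constructs above and flags call sites where the statement text is assembled from data. The regexes and the sample source lines are this example's own constructed approximations, which is also the limitation of the approach: it produces candidates for a human to read, not proof of absence.

```python
import re

# Database-access constructs to look for, distilled from the table above.
# The regexes are this example's approximations, not the book's list verbatim.
API_PATTERNS = {
    "C#/VB.NET SqlClient/OracleClient": r"\b(SqlCommand|SqlDataAdapter|OracleCommand)\b",
    "PHP mysql_*":                      r"\bmysql_query\s*\(",
    "Perl DBI":                         r"\$\w+\s*->\s*(prepare|do|selectall_arrayref)\s*\(",
    "Ruby on Rails ActiveRecord":       r"\.(find|find_by_sql|where)\s*\(",
    "Python DB-API / Java JDBC":        r"\.(execute|executemany|executeQuery|executeUpdate)\s*\(",
    "SQL exec/sp_executesql":           r"^\s*(exec|execute)\b|\bsp_executesql\b",
    "ColdFusion cfquery":               r"<cfquery\b",
}

# Ways of assembling the statement from data at the call site.
CONCAT_PATTERNS = [
    r'"\s*\+\s*[A-Za-z_$]',                      # "..." + var       (C#, Java, Python)
    r'[A-Za-z_\)]\s*\+\s*"',                     # var + "..."
    r'"[^"]*\$[A-Za-z_]\w*[^"]*"',               # "...$var..."      (PHP, Perl interpolation)
    r'"[^"]*#\{',                                # "...#{expr}..."   (Ruby interpolation)
    r'"\s*%\s*\(',                               # "..." % (args)    (Python formatting)
    r'\.(format|Format|Replace|replace)\s*\(',   # str.format / String.Format / Replace
]

API_RES = {name: re.compile(rx, re.IGNORECASE) for name, rx in API_PATTERNS.items()}
CONCAT_RES = [re.compile(rx) for rx in CONCAT_PATTERNS]

SINFUL = "SINFUL: statement assembled from data at the call site"
CHECK = "check: constant statement text with bound parameters?"


def review_line(line):
    """Returns (matched constructs, verdict) for a line that reaches a database API,
    or None if the line does not touch a database at all."""
    apis = [name for name, rx in API_RES.items() if rx.search(line)]
    if not apis:
        return None
    verdict = SINFUL if any(rx.search(line) for rx in CONCAT_RES) else CHECK
    return apis, verdict


def review_source(text):
    """Scans a source text and returns (line number, constructs, verdict) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = review_line(line)
        if hit is not None:
            findings.append((lineno, hit[0], hit[1]))
    return findings


def sinful_line_numbers(text):
    return [n for n, _, verdict in review_source(text) if verdict == SINFUL]


# Constructed sample: one call site per language, modelled on the chapter's
# listings, plus two call sites that bind parameters correctly (lines 2 and 8).
SAMPLE_SOURCE = '''cursor.execute("select * from customer where id=" + id)
cursor.execute("select * from customer where id=%s", (id,))
$result = mysql_query("SELECT ccnum FROM cust WHERE id=$id", $db);
$sth = $dbh->prepare("SELECT ccnum FROM cust WHERE id = $id");
ResultSet rs = st.executeQuery("SELECT ccnum FROM cust WHERE id=" + Id);
SqlCommand cmd = new SqlCommand(sqlstring.Replace("%ID%", id), sql);
Post.find(:first, :conditions => ["title = #{params[:search_string]}"])
EXEC sp_executesql @stmt, N'@id int', @id = @id'''

if __name__ == "__main__":
    for lineno, apis, verdict in review_source(SAMPLE_SOURCE):
        print("%d: %s [%s]" % (lineno, verdict, "; ".join(apis)))
```

Lines flagged "check" still deserve a look: a statement whose text is built elsewhere and passed in through a variable will not show concatenation at the call site, which is why the tracing of inputs back to their source, described above, is the real work of the review.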
Testing techniques to find the sin

The most reliable way to find SQL injection is code review; black-box testing can supplement it by feeding the application input that no legitimate user would send and watching how it responds. The Perl script below drives a web form with random SQL fragments in its fields:

    #!/usr/bin/perl
    use strict;
    use HTTP::Request::Common qw(POST GET);
    use HTTP::Headers;
    use LWP::UserAgent;

    srand time;

    # Pause between requests, in seconds
    my $pause = 1;

    # URL to test
    my $url = 'http://mywebserver.xyzzy123.com/cgi-bin/post.cgi';

    # Maximum size of an HTTP response to read
    my $max_response = 1_000;

    # Test data
    my @cities = qw(Auckland Seattle London Portland Austin
                    Manchester Redmond Brisbane Ndola);

    while (1) {
        my $city = randomSQL($cities[rand @cities]);
        my $zip  = randomSQL(10_000 + int(rand 89999));
        pr