公司的系统应用后,客户那边用appscan工具检测到严重的漏洞
1.使用 SQL 注入的认证旁路 (1/2)--未对用户输入正确执行危险字符清理
2.已解密的登录请求 (2/2)----诸如用户名、密码和信用卡号之类的敏感输入字段未经加密即进行了传递
解决思路:
1. 因为密码设置时只允许输入字母和数字,所以在用户登录前用JS检查输入的内容是否符合只包含字母和数字,这样就防止了SQL的注入。
2. 被检测出来的原因是密码在后台以明文接收,容易被人获取。于是想如果在登录前用JS把它进行加密,然后再在后台解密出来,是否可解决此问题呢。
于是在网上查询到下面JS前台base32加密,C#后台解码的方法。
JS 加密方法:
var getEncodeString = function(srcString) {
//var srcString = 'abc';
var BASE32CHAR = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
var i = 0;
var index = 0;
var digit = 0;
var currByte;
var nextByte;
var retrunString = '';
for (var i = 0; i < srcString.length; ) {
//var index = 0;
currByte = (srcString.charCodeAt(i) >= 0) ? srcString.charCodeAt(i)
: (srcString.charCodeAt(i) + 256);
if (index > 3) {
if ((i + 1) < srcString.length) {
nextByte = (srcString.charCodeAt(i + 1) >= 0)
? srcString.charCodeAt(i + 1)
: (srcString.charCodeAt(i + 1) + 256);
} else {
nextByte = 0;
}
digit = currByte & (0xFF >> index);
index = (index + 5) % 8;
digit <<= index;
digit |= (nextByte >> (8 - index));
i++;
} else {
digit = (currByte >> (8 - (index + 5))) & 0x1F;
index = (index + 5) % 8;
if (index == 0) {
i++;
}
}
retrunString = retrunString + BASE32CHAR.charAt(digit);
}
return retrunString.toLowerCase();
}
JS调用代码:
// 判断输入是否是一个由 0-9 / A-Z / a-z 组成的字符串
function isalphanumber(str)
{
var result=str.match(/^[a-zA-Z0-9]+$/);
if(result==null)
{
return false;
}
else
{
return true;
}
} //base32加密
function CheckAndEncode() {
var pwd = document.getElementById('txtPwd');
if (!isalphanumber(pwd.value)) {
alert("密码只能输入字母和数字!");
pwd.value = "";
pwd.focus();
return false;
}
var s1 = pwd.value;
var s2 = escape(s1);
pwd.value = getEncodeString(s2);
}
后台转码代码:
/// <summary>
/// BASE32解码
/// </summary>
/// <param name="encodeString"></param>
/// <returns></returns>
private string getDecodeString(string encodeString)
{
int i;
int index;
int lookup;
int offset;
int digit;
string en_string = encodeString.ToUpper();
int[] BASE32LOOOKUP = new int[]{
0xFF, 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, // '0', '1', '2', '3', '4', '5', '6', '7'
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // '8', '9', ':', ';', '<', '=', '>', '?'
0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // '@', 'A', 'B', 'C', 'D', 'E', 'F', 'G'
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, // 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O'
0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, // 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W'
0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 'X', 'Y', 'Z', '[', '\', ']', '^', '_'
0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g'
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, // 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'
0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, // 'p', 'q', 'r', 's', 't', 'u', 'v', 'w'
0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF,0xFF
};
int stringLen = ((en_string.Length * ) / );
int[] bytes = new int[stringLen];
for (var a = ; a < stringLen; a++)
{
bytes[a] = ;
} for (i = , index = , offset = ; i < en_string.Length; i++)
{
var charCode0 = (short)'';
lookup = (short)en_string[i] - charCode0; if ((lookup < ) || (lookup >= BASE32LOOOKUP.Length))
{
continue;
} digit = BASE32LOOOKUP[lookup]; if (digit == 0xFF)
{
continue;
} if (index <= )
{
index = (index + ) % ; if (index == )
{
bytes[offset] = bytes[offset] | digit; offset++; if (offset >= bytes.Length)
{
break;
}
}
else
{
bytes[offset] = bytes[offset] | (digit << ( - index)); }
}
else
{
index = (index + ) % ;
bytes[offset] = bytes[offset] | (digit >> index); offset++; if (offset >= bytes.Length)
{
break;
} bytes[offset] = bytes[offset] | (digit << ( - index));
if (bytes[offset] >= )
{
bytes[offset] %= ;
}
}
}
string realkeyString = "";
for (var a = ; a < bytes.Length; a++)
{ var realkey = (char)bytes[a];
realkeyString += realkey;
}
return realkeyString;
}
后台调用转码获取明文:
string pwd="";
pwd=getDecodeString(txtPwd.Text.Trim());
可是等我做完以上改动之后,再用ibm appscan检测,漏洞依然没减少,郁闷啊 。。。我的一天
本文主要内容转载自 http://wwwluo.blog.163.com/blog/static/6129023120110710427826/