by   December 20 2014   
ASP SQL Checksum to Length of String. It is that time, let's count the characters of our string, add a digit or two then mix them up to split them out.. I did say split them out into a pre-defined pattern that only our decode knows. Well, you might think that but anyway, it is time to measure our strings to keep us safer.

ASP SQL Checksum to Length of String

We often forget the simple things in life.

Let's at the next dinner party talk about adding a Checksum that only our SQL or IIS server knows. Let's add a Length Checksum with a Salt to all our query strings.

One of the easiest things we can do with any post or query that we have to retrieve and use is to count the total length of the query.

This is fine if your visitor doesn't just add the SQL Injection scripts directly to your form fields.

But, for the thousands of auto-scripts that just add to your url or test typical queries this will help.

Posting ?q=gssor$2@$1E$1E(MnW) = 19 characters.

If we added a value at the end we can then check everything to make it work for us. 

Let's use: ?q=gssor$2@$1E$1E(MnW)-19

Using everything we have learned so far we have some simple functions. 

The process here would be as follows. 

The full string for Q would have been character counted for length before any encoding. 
After the length was recorded a dash "-" or any indicater seperator you choose would be inserted followed by the numeric value of the actual strings length. 
This would then be URLEncoded then EncodedOffSet would be run. 
When we decode the string the first function would be to see if anything has changed the length. This could also be a MD5 hash but to keep it simple we are using string length. 

Dim strQ,intQ,intCQ

strQ = Request.QueryString("q")

intQ = Len(strQ)

intCQ = InStrRev(1,"-",-1,vbTextCompare)

Pausing to setup the Example Page here.

 Example Page with Code

 Notice that I'm using a form GET so you can create the querystring. 

This method is for internally created server side querystrings which once put together can not be edited or the page will simply redirect. I'll be more detailed in the ASP SQL Injection Code Page. 

ASP SQL Checksum to Length of String. It is that time, let's count the characters of our string, add a digit or two then mix them up to split them out.. I did say split them out into a pre-defined pattern that only our decode knows. Well, you might think that but anyway, it is time to measure our strings to keep us safer.