ASP SQL Checksum to Length of String
We often forget the simple things in life.
Let's at the next dinner party talk about adding a Checksum that only our SQL or IIS server knows. Let's add a Length Checksum with a Salt to all our query strings.
One of the easiest things we can do with any post or query that we have to retrieve and use is to count the total length of the query.
This is fine if your visitor doesn't just add the SQL Injection scripts directly to your form fields.
But, for the thousands of auto-scripts that just add to your url or test typical queries this will help.
Posting ?q=gssor$2@$1E$1E(MnW) = 19 characters.
If we added a value at the end we can then check everything to make it work for us.
Let's use: ?q=gssor$2@$1E$1E(MnW)-19
Using everything we have learned so far we have some simple functions.
The process here would be as follows.
The full string for Q would have been character counted for length before any encoding.
After the length was recorded a dash "-" or any indicater seperator you choose would be inserted followed by the numeric value of the actual strings length.
This would then be URLEncoded then EncodedOffSet would be run.
When we decode the string the first function would be to see if anything has changed the length. This could also be a MD5 hash but to keep it simple we are using string length.
strQ = Request.QueryString("q")
intQ = Len(strQ)
intCQ = InStrRev(1,"-",-1,vbTextCompare)
Pausing to setup the Example Page here.
Notice that I'm using a form GET so you can create the querystring.
This method is for internally created server side querystrings which once put together can not be edited or the page will simply redirect. I'll be more detailed in the ASP SQL Injection Code Page.