Pikachu practice platform: URL redirection, directory traversal, disclosure of sensitive information

URL Redirection

Overview:

An unsafe URL redirect can occur wherever a redirect is implemented.
If the back end takes a parameter supplied by the front end (possibly a user-entered value, or a URL embedded in the front-end page) as the redirect destination without checking it,
the application can be made to "redirect to the wrong target".

The most direct harm of a URL redirect vulnerability is:
-> Phishing: the attacker uses the vulnerable site's domain as cover (a well-known company domain tends to make users click with confidence), while the final redirect lands on a phishing site.

The page offers four sentences to click. Clicking the first two does not change the page, clicking the third jumps to the URL redirection overview, and clicking the fourth displays a line of text;

We can change the url parameter so that a user who clicks the link is redirected to a site of our choosing, for example:

192.168.17.111/pikachu-master/pikachu-master/vul/urlredirect/urlredirect.php?url=http://www.baidu.com will redirect to Baidu's page;

Viewing the source shows that the back end reads the url parameter from the front-end request with GET and checks whether it equals "i": if it does, the text is output; if not, the back end redirects to the value directly, without any further check;

Directory Traversal

Overview:

    In web application design, the file to be operated on is often made accessible through a variable, so that the front-end function is more flexible. When a user sends a request from the front end, the requested value (for example a file name) is passed to the back end, which then performs the corresponding operation on that file. If the back end does not strictly check the value coming from the front end, an attacker can pass "../" to make the back end open or execute other files. As a result, other files and directories on the back-end server are traversed, which forms a directory traversal vulnerability.

You may feel that directory traversal, unsafe file download and even file inclusion vulnerabilities have similar meanings. The main reason is that all of them share the same root cause: in the functional design, the file to operate on is passed to the back end through a variable, without rigorous security checks. They differ only in where the flaw appears and in the symptoms it produces, which is why they are still defined separately.

One thing needs to be distinguished: if a url with no parameters (for example http://xxxx/doc) lists all the files inside the doc folder, we call that sensitive information leakage; it is not classified as a directory traversal vulnerability. (The "I can see your ABC" exercise in the sensitive information disclosure module explains this further.)

After entering the module, click the second blue link,

Then we construct a url parameter that is passed to the back end to read a sensitive file: http://192.168.17.111/pikachu-master/pikachu-master/vul/dir/dir_list.php?title=../../../assets/css/ace.min.css
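Both overviews above describe the same root cause: the back end acts on a front-end supplied value (the url parameter of urlredirect.php, the title parameter of dir_list.php) without checking it. The following Python is an added example, not code from the original post or from Pikachu, showing the two server-side checks that close these holes; the allowed host 192.168.17.111 and the web root /var/www/pikachu/vul/dir are assumptions chosen for the demonstration.

```python
# Added example (not Pikachu's own code): server-side checks for the two flaws above.
# The allowed host and the web root are assumptions chosen for the demonstration.
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

ALLOWED_HOSTS = {"192.168.17.111"}            # assumed: the only host we redirect to
WEB_ROOT = Path("/var/www/pikachu/vul/dir")   # assumed: directory dir_list.php serves from


def safe_redirect_target(url: str) -> Optional[str]:
    """Return url if it is site-rooted or stays on an allowed host, else None.

    Closes the hole in urlredirect.php, which redirects to any ?url= value:
    an absolute http://www.baidu.com is rejected, and so are the protocol-
    relative form //host and the backslash form /\\host that browsers read as //host.
    """
    if "\\" in url:
        return None
    parts = urlparse(url)
    if not parts.scheme and not parts.netloc:
        # Site-rooted path such as /index.php?url=i; "//host" has a netloc, so it never lands here.
        return url if url.startswith("/") else None
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return url
    return None


def safe_file_path(title: str, root: Path = WEB_ROOT) -> Optional[Path]:
    """Resolve the ?title= value under root and reject anything that escapes it.

    "../../../assets/css/ace.min.css" resolves to /var/www/assets/..., outside
    root, so it is refused; an absolute title such as /etc/passwd is refused
    for the same reason, because joining a Path with an absolute path discards root.
    """
    base = root.resolve()
    candidate = (base / title).resolve()   # non-strict: works even if the file does not exist
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    for u in ("http://www.baidu.com", "//www.baidu.com/", "/index.php?url=i"):
        print(u, "->", safe_redirect_target(u))
    for t in ("dir1/1.txt", "../../../assets/css/ace.min.css", "/etc/passwd"):
        print(t, "->", safe_file_path(t))
```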

Disclosure of sensitive information

    Due to negligence or improper design by back-end staff, data that front-end users should not see can be accessed easily. For example:

    --- visiting a url directory lists the files in that directory directly;

    --- entering wrong url parameters produces an error message that contains the operating system, middleware, development language version or other information;

    --- the front-end source code (HTML, CSS, JS) contains sensitive information, such as the back-office login address, network adapter information, or even account passwords;

    Situations like these are called sensitive information leakage. Although sensitive information disclosure is rated as a relatively low-hazard vulnerability, the leaked information often gives the attacker great help in carrying out further attacks, and an "outrageous" disclosure can also directly cause serious damage. Therefore, in web development and application, besides writing secure code, sensitive information also needs to be handled properly.

Open the page source and you can see the user name and password;

Log in with lili / 123456;

We can also change findabc.php in the url bar to abc.php to bypass the login;

Origin www.cnblogs.com/199904-04/p/12631289.html