"In-Depth Analysis of Web Security" Reading Summary

Attackers used to rely on open ports for intrusion. Overflow vulnerabilities are now hard to dig out, so the new battlefield has moved to the Web.
PHP's capabilities are limited to the Web; it is slower and does not support multi-threading. Even so, almost every Web security researcher learns it.
If you fetch the server's response and HTML data without a browser, you find that, in some respects, the browser's only role in the HTTP protocol is HTML rendering, which gives users a more intuitive interface.
1xx: Informational, indicating that the request has been received and processing continues. The range is 100~101.
2xx: Success, the server successfully processed the request, and the range is 200~206.
3xx: Redirection.
4xx: Client error status code, such as a malformed request or, most commonly, a request for a URL that does not exist.
5xx: The server itself has an error.
404: The requested resource does not exist.
400: The client request has a syntax error and cannot be understood by the server.
401: The request is unauthorized.
403: The server received the request, but refused to provide the service.
500: Internal server error, which is the most common 5xx status.
503: The server cannot currently process the client's request, and it may return to normal after a period of time.
HTTP uses port 80 to connect, while HTTPS uses port 443.
Front-end Javascript verification is to prevent user input errors, and server-side verification is to prevent malicious attacks.
Fiddler is an excellent web debugging tool: it records all communication (HTTP and HTTPS) between the browser and the server, and lets you set breakpoints and modify request/response data.
Common types of SQL injection include: numeric and character. Regardless of the type, the attacker has only one goal, that is, to bypass program restrictions, make the data entered by the user enter the database for execution, and use the particularity of the database to obtain more information or greater authority.
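The two injection types named above, side by side with the parameterized form that fixes both, as an added example that is not part of the original post. The in-memory SQLite table and its rows are constructed here; the numeric case concatenates an unquoted value, the character case concatenates a quoted one, and the safe versions validate the type and bind the value as a parameter so the driver never parses it as SQL.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table with three users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def find_by_id_vulnerable(conn, user_id):
    # Numeric injection point: the value is concatenated without quotes,
    # so "2 OR 1=1" becomes part of the WHERE clause.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def find_by_name_vulnerable(conn, name):
    # Character injection point: the value sits inside single quotes,
    # so a quote in the input closes the string and the rest becomes SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_id_safe(conn, user_id):
    # Validate the expected type first, then bind it as a parameter.
    if not user_id.isdigit():
        raise ValueError("id must be numeric")
    cur = conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),))
    return [row[0] for row in cur]


def find_by_name_safe(conn, name):
    # The bound parameter is treated as data; quotes inside it stay literal.
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]
```

The contrast to look at is the same input given to both versions: the concatenated queries return every row, while the bound queries return either the single intended match or nothing.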
When attackers exploit upload vulnerabilities, they usually cooperate with the parsing vulnerabilities of the web container.

When programmers prevent upload vulnerabilities, there are two types:
    client-side detection: the client uses JavaScript to check the file before it is uploaded;
    server-side detection: the server-side script generally checks the file's MIME type and whether the extension is legal; some programmers even check whether the file contains embedded malicious code.

Only relying on the blacklist filtering method cannot prevent upload vulnerabilities, because there are too many unknown risks that we cannot predict.
IIS 6.0 will execute pentest.asp;1.jpg as an ASP script, so the attacker can bypass whitelist detection and run the Trojan program.
Upload vulnerabilities are completely avoidable. All that needs to be done is to verify the path and randomly rename the files.
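A server-side upload handler that follows the advice above (whitelist the extension, check the content, verify the path and randomly rename the file), as an added example that is not code from the original post. The whitelist of extensions and their leading magic bytes is constructed here; the point it makes is that a name like pentest.asp;1.jpg passes a plain extension whitelist, and only the random rename keeps the client-chosen name from ever reaching the disk.

```python
import secrets
import tempfile
from pathlib import Path

# Constructed whitelist: allowed extension -> magic bytes the content must start with.
ALLOWED = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def check_extension(filename):
    # Whitelist on the final extension only; "pentest.asp;1.jpg" passes this check.
    return Path(filename).suffix.lower() in ALLOWED


def check_magic(filename, content):
    # The bytes must match what the claimed extension promises.
    magic = ALLOWED.get(Path(filename).suffix.lower())
    return magic is not None and content.startswith(magic)


def validate_upload(filename, content):
    """Return None when the upload is acceptable, otherwise the reason it is rejected."""
    if not check_extension(filename):
        return "extension not allowed"
    if not check_magic(filename, content):
        return "content does not match extension"
    return None


def store_upload(upload_dir, filename, content):
    """Validate, randomly rename, verify the path and write; returns the stored path."""
    reason = validate_upload(filename, content)
    if reason is not None:
        raise ValueError(reason)
    base = Path(upload_dir).resolve()
    # Random rename: only the whitelisted extension survives from the client's name,
    # so an "asp;" segment that a lenient web container would honour is never written.
    new_name = secrets.token_hex(16) + Path(filename).suffix.lower()
    dest = (base / new_name).resolve()
    # Path check: the destination must stay directly inside the upload directory.
    if dest.parent != base:
        raise ValueError("path escapes upload directory")
    dest.write_bytes(content)
    return str(dest)


def store_to_tempdir(filename, content):
    # Convenience wrapper for trying the handler offline; returns the stored basename.
    with tempfile.TemporaryDirectory() as tmp:
        return Path(store_upload(tmp, filename, content)).name


if __name__ == "__main__":
    # Constructed JPEG-like content: the magic bytes followed by filler.
    print(store_to_tempdir("pentest.asp;1.jpg", b"\xff\xd8\xff" + b"\x00" * 8))
```

The extension check, the content check and the rename are deliberately three separate steps: a blacklist cannot enumerate every dangerous name, and even a whitelist accepts the IIS 6.0 case above, so the stored name must be chosen by the server.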

XSS is mainly divided into three categories, namely reflection type, storage type and DOM type.
Compared with reflective XSS and DOM XSS, storage XSS has higher concealment and greater damage.
XSS common hazards: stealing user cookies, modifying web content, website hacking, using website redirection, XSS worm.
Cookie is a technology that allows the website server to store a small amount of text data on the client's hard disk and memory, or to read data from the client's hard disk and memory.
Memory cookies and hard disk cookies are also called non-persistent cookies and persistent cookies respectively. A cookie can only be around 4KB in size at most.
Expires is a GMT (Greenwich Mean Time) timestamp. If it is omitted, the cookie is not saved to the user's hard disk but kept only in memory, and it disappears automatically when the browser is closed.
With the help of the two variables of domain and path, the scope of cookie file access can be effectively controlled.
The sessionid is a unique and non-repeated "number". If the server is closed or the browser is closed, the session will be automatically logged out, and it will be reassigned when the user connects again.
The biggest difference between a session and a cookie is that a cookie stores data on the client side, while a session is stored on the server side, only an ID is stored on the client side. Relatively speaking, SESSION is safer than Cookie.
XSS cross-site vulnerabilities are ultimately formed because there is no strict filtering of input and output, and client-side scripts such as JavaScript are executed on the page. This means that as long as the sensitive characters are filtered, the XSS cross-site vulnerabilities can be fixed.
& -> &amp;   " -> &quot;   ' -> &#39;   < -> &lt;   > -> &gt;
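The entity-encoding step described above, written out as a function, as an added example that is not code from the original post. The one detail that matters in practice is the replacement order: & must be encoded first, otherwise the & produced by the later replacements is encoded a second time. The comment-rendering template is constructed here to show the encoder applied at the point where untrusted input meets HTML.

```python
# Replacement order matters: '&' first, so entities produced later are not re-encoded.
ENTITIES = [
    ("&", "&amp;"),
    ('"', "&quot;"),
    ("'", "&#39;"),
    ("<", "&lt;"),
    (">", "&gt;"),
]


def html_encode(text):
    """Encode the five characters that can break out of HTML text or attribute context."""
    for ch, entity in ENTITIES:
        text = text.replace(ch, entity)
    return text


def html_encode_wrong_order(text):
    # The same table applied with '&' last: demonstrates the double-encoding mistake.
    for ch, entity in reversed(ENTITIES):
        text = text.replace(ch, entity)
    return text


def render_comment(author, body):
    # Constructed template: untrusted values go into an attribute and into element text,
    # and both are encoded on output so script tags and quotes stay inert.
    return '<p class="comment" data-author="%s">%s</p>' % (
        html_encode(author),
        html_encode(body),
    )
```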
If a cookie is set with HttpOnly, JavaScript cannot read it.
CSRF is Cross-Site Request Forgery, also abbreviated XSRF. Key point: a CSRF attack rides on the existing session between the browser and the Web server; it tricks the user into visiting a URL. Receiving data only via POST cannot block CSRF attacks; it merely makes the forged request harder to construct.
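One small server-side model that ties together the cookie, session and CSRF points above, as an added example that is not code from the original post. It keeps session data in a server-side dictionary (only the session id goes to the client), emits a Set-Cookie header with HttpOnly and an optional GMT Expires attribute, and checks a per-session CSRF token on a state-changing POST. The request dictionaries, the session store and the transfer endpoint are all constructed for the example; the point is that a forged POST arrives with the victim's cookie attached by the browser but cannot carry the token, so it is refused even though it used POST.

```python
import hmac
import secrets
import time
from email.utils import formatdate  # RFC 1123 dates in GMT, the format Expires needs

# Constructed server-side session store: session id -> session data.
SESSIONS = {}


def new_session():
    """Create a session on the server and return only its id for the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def set_cookie_header(name, value, max_age=None):
    """Build a Set-Cookie line; without max_age the cookie lives only in memory."""
    attrs = [f"{name}={value}", "Path=/", "HttpOnly", "Secure", "SameSite=Lax"]
    if max_age is not None:
        # Persistent cookie: Expires is written in GMT as the protocol requires.
        attrs.append("Expires=" + formatdate(time.time() + max_age, usegmt=True))
    return "Set-Cookie: " + "; ".join(attrs)


def parse_cookie_header(header):
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            cookies[key] = value
    return cookies


def csrf_token_for(sid):
    # The token is rendered into the site's own form; another origin cannot read it.
    return SESSIONS[sid]["csrf_token"]


def handle_transfer(request):
    """request: {'cookie': raw Cookie header, 'form': POST fields} (constructed shape)."""
    cookies = parse_cookie_header(request.get("cookie", ""))
    session = SESSIONS.get(cookies.get("sid", ""))
    if session is None:
        return 401, "no valid session"
    submitted = request.get("form", {}).get("csrf_token", "")
    # Constant-time comparison of the submitted token with the one stored server-side.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "csrf token missing or wrong"
    return 200, "transfer accepted"
```

The HttpOnly flag and the CSRF token address different things: HttpOnly keeps script from reading the session id, while the token is what distinguishes a request the site's own page made from one a foreign page forged.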

Origin blog.csdn.net/taozi550185271/article/details/106307926