Article directory
- Sensitive information disclosure in HTML comments
- Email address pattern found
- Alternate version of file detected
- Inadequate account lockout
- Phishing through frames
- Link injection (facilitates cross-site request forgery)
- Windows file parameter alteration
- Unix file parameter alteration
- Application test script detected
- Internal IP address disclosure pattern found
- Autofill HTML attribute not disabled for password field
- Web application source code disclosure pattern found
- Missing HttpOnly attribute in session cookie
- Unsafe HTTP methods enabled
- Unencrypted login request
- Cross-site scripting
- Cross-site request forgery
- Session not updated
- SQL injection file writing (requires user authentication)
Sensitive information disclosure in HTML comments
Remove sensitive information from code comments. Sensitive information includes commented-out source code, email addresses, IP addresses, and similar data.
Email address pattern found
Remove email addresses that appear in the code.
Alternate version of file detected
Remove all files in the product whose names start with "Copy of", "_", ".", "~" or "Old".
Inadequate account lockout
Limit the number of failed login attempts per user; once the limit is reached, the user is not allowed to log in again for a certain period of time.
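One way to implement this limit, added here as an example and not taken from the article: a per-account failure counter that locks the account for a fixed window once the limit is reached (class and method names are this example's own).

```java
import java.util.HashMap;
import java.util.Map;

/** Added example, not the article's code: per-account lockout after repeated failures. */
public class LoginAttemptTracker {
    private final int maxFailures;   // failed attempts allowed before the account is locked
    private final long lockMillis;   // how long the lock lasts

    private static final class State {
        int failures;
        long lockedUntil;            // epoch millis; 0 while not locked
    }
    private final Map<String, State> states = new HashMap<>();

    public LoginAttemptTracker(int maxFailures, long lockMillis) {
        this.maxFailures = maxFailures;
        this.lockMillis = lockMillis;
    }

    /** True while the account must not be allowed to attempt a login. */
    public synchronized boolean isLocked(String account, long now) {
        State s = states.get(account);
        if (s == null) return false;
        if (s.lockedUntil > now) return true;
        if (s.lockedUntil != 0) states.remove(account); // lock expired: start a fresh count
        return false;
    }

    /** Records one failed attempt and locks the account when the limit is reached. */
    public synchronized void recordFailure(String account, long now) {
        State s = states.computeIfAbsent(account, k -> new State());
        s.failures++;
        if (s.failures >= maxFailures) s.lockedUntil = now + lockMillis;
    }

    /** A successful login clears the counter for that account. */
    public synchronized void recordSuccess(String account) {
        states.remove(account);
    }

    public static void main(String[] args) {
        LoginAttemptTracker t = new LoginAttemptTracker(3, 15 * 60 * 1000L); // 3 tries, 15 min lock
        long now = System.currentTimeMillis();
        for (int i = 0; i < 3; i++) t.recordFailure("alice", now);
        System.out.println("locked now: " + t.isLocked("alice", now));                      // true
        System.out.println("locked after 16 min: " + t.isLocked("alice", now + 16 * 60 * 1000L)); // false
    }
}
```

Keyed on the account name, a lockout can also be used to keep a legitimate user out, so keep the lock window short or combine it with progressive delays.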
Phishing through frames
Add a filter that checks the source of the request (the Referer header) and cleans and filters all user input.
Sanitizing user input that contains dangerous characters prevents a malicious user from making the application perform unintended actions, for example running arbitrary SQL queries, embedding JavaScript that executes on the client, or running operating system commands.
For the specific implementation, refer to the combined solutions under 1. SQL injection file writing and 3. Cross-site request forgery.
Link injection (facilitates cross-site request forgery)
Add a filter that checks the source of the request (the Referer header) and cleans and filters all user input.
Sanitizing user input that contains dangerous characters prevents a malicious user from making the application perform unintended actions, for example running arbitrary SQL queries, embedding JavaScript that executes on the client, or running operating system commands.
For the specific implementation, refer to the combined solutions under 1. SQL injection file writing and 3. Cross-site request forgery.
Windows file parameter alteration
Add a filter that checks whether any user input contains the string ".." (two dots) and cleans and filters it.
For the specific implementation, refer to the solution under 1. SQL injection file writing.
Unix file parameter alteration
Add a filter that checks whether any user input contains the string ".." (two dots) and cleans and filters it.
For the specific implementation, refer to the solution under 1. SQL injection file writing.
Application test script detected
Remove test script files from the code; these mainly include test.php, test.asp, test.cgi, test.html, etc. Also rename files whose names contain related sensitive strings such as test, old, etc.
Internal IP address disclosure pattern found
Remove IP addresses that appear in the code.
Autofill HTML attribute not disabled for password field
Add the autocomplete='off' attribute to the password input box.
Web application source code disclosure pattern found
Remove source code fragments that appear in code comments.
Missing HttpOnly attribute in session cookie
Unsafe HTTP methods enabled
Unencrypted login request
1. The password entered by the user is hashed with MD5 on the page and the hash is written back into the password field before submission.
2. Manually generate an SSL certificate; the procedure is not covered here and can be found online.
3. Switch the product from HTTP access to SSL (HTTPS) access by adding the following to server.xml under the conf folder of the Apache Tomcat application server:
```xml
<!-- Enable SSL (HTTPS) secure access; the access port is 8443 -->
<Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                    SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
           keystoreFile="keystore/server.keystore" keystorePass="123456"
           clientAuth="false" sslProtocol="TLS"/>
```
(Note: keystore/server.keystore is the keystore path and 123456 is its password; use a strong password of your own.) The RC4 and 3DES cipher suites in this list are considered weak today and should be removed from a current deployment.
4. Add the following to the product's web.xml file:
```xml
<!-- Fix for the security finding "Unencrypted login request": switch to SSL secure access -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```
Cross-site scripting
Add a filter that checks the source of the request (the Referer header) and cleans and filters all user input.
Sanitizing user input that contains dangerous characters prevents a malicious user from making the application perform unintended actions, for example running arbitrary SQL queries, embedding JavaScript that executes on the client, or running operating system commands.
For the specific implementation, refer to the combined solutions under 1. SQL injection file writing and 3. Cross-site request forgery.
Cross-site request forgery
Add a check of the request source (the Referer header) to the filter:
```java
// Fix for the security finding "Cross-site request forgery"
String referer = request.getHeader("Referer");
String serverName = request.getServerName();
// indexOf() is a substring test: it also accepts any Referer whose text merely contains
// the server name, so compare the parsed host exactly in production code.
if (null != referer && referer.indexOf(serverName) < 0) {
    request.getRequestDispatcher(request.getRequestURI()).forward(request, response);
}
```
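A stricter version of the check above, added here as an example rather than the article's code: it reads the Origin header first, falls back to Referer, compares the parsed host exactly against request.getServerName(), and rejects instead of forwarding. It assumes the javax.servlet API (Tomcat 9 or earlier) and, unlike the code above, also rejects state-changing requests that carry neither header.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example, not the article's code: rejects state-changing requests whose
 *  Origin (or, failing that, Referer) host is not exactly this server's host name. */
public class OriginCheckFilter implements Filter {

    /** Host of the Origin header, or of the Referer when Origin is absent; null if neither parses. */
    static String sourceHost(String origin, String referer) {
        String candidate = (origin != null && !origin.isEmpty()) ? origin : referer;
        if (candidate == null || candidate.isEmpty() || "null".equals(candidate)) return null;
        try {
            return new URI(candidate).getHost();
        } catch (URISyntaxException ex) {
            return null;
        }
    }

    /** Exact, case-insensitive host comparison; a substring test such as indexOf()
     *  would also accept any host name that merely contains the server name. */
    static boolean sameHost(String sourceHost, String serverName) {
        return sourceHost != null && sourceHost.equalsIgnoreCase(serverName);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String method = request.getMethod();
        boolean safe = "GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method);
        if (!safe) {
            String host = sourceHost(request.getHeader("Origin"), request.getHeader("Referer"));
            if (!sameHost(host, request.getServerName())) {
                // Missing or foreign source: refuse the request rather than forwarding it.
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```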
Session not updated
Add the following code to the login page:
```java
// Fix for the security finding "Session not updated"
request.getSession().invalidate(); // discard the current session
Cookie[] cookies = request.getCookies(); // read the cookies sent with the request
if (null != cookies && cookies.length > 0) {
    for (Cookie cookie : cookies) {
        cookie.setMaxAge(0);          // mark the cookie as expired
        response.addCookie(cookie);   // the expiry only takes effect if the cookie is sent back
    }
}
```
SQL injection file writing (requires user authentication)
Add a filter that cleans and filters all user input. Removing dangerous characters from user input prevents a malicious user from making the application perform unintended actions, such as running arbitrary SQL queries, embedding JavaScript that executes on the client, or running operating system commands. The dangerous characters to filter are:
[1] | (vertical bar)
[2] & (ampersand)
[3] ; (semicolon)
[4] $ (dollar sign)
[5] % (percent sign)
[6] @ (at sign)
[7] ' (single quote)
[8] " (double quote)
[9] \' (backslash-escaped single quote)
[10] \" (backslash-escaped double quote)
[11] <> (angle brackets)
[12] () (parentheses)
[13] + (plus sign)
[14] CR (carriage return, ASCII 0x0d)
[15] LF (line feed, ASCII 0x0a)
[16] , (comma)
[17] \ (backslash)
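A filter that applies this list, added here as an example and not the article's code; it also covers the ".." check from the Windows and Unix file parameter alteration sections above. It assumes the javax.servlet API (Tomcat 9 or earlier) and fails the request with HTTP 400 rather than stripping characters.

```java
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Added example, not the article's code: rejects any request parameter containing one of
 *  the 17 listed characters or the ".." string named in the file parameter sections. */
public class DangerousInputFilter implements Filter {

    // Character class built from entries [1]-[17]: | & ; $ % @ ' " < > ( ) + CR LF , \
    // Entries [9] and [10] are covered because backslash and both quotes are each listed.
    private static final Pattern DANGEROUS = Pattern.compile("[|&;$%@'\"<>()+\\r\\n,\\\\]");

    // Two consecutive dots, the string the Windows/Unix file parameter sections filter on.
    private static final Pattern DOT_DOT = Pattern.compile("\\.\\.");

    /** True if the value contains a listed character or "..". */
    public static boolean isDangerous(String value) {
        return value != null
            && (DANGEROUS.matcher(value).find() || DOT_DOT.matcher(value).find());
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Map<String, String[]> params = req.getParameterMap();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            for (String v : e.getValue()) {
                if (isDangerous(v)) {
                    // Reject instead of stripping: a single pass of string removal can leave
                    // a modified value that is still harmful, so fail closed. The parameter
                    // name is deliberately not echoed into the error response.
                    ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST,
                        "request parameter contains a disallowed character");
                    return;
                }
            }
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

For file-name parameters the more reliable check is to canonicalise the resulting path and confirm it still lies under the intended directory, and for database access parameterised queries (PreparedStatement) remove the injection risk regardless of which characters the input contains.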
https://www.likecs.com/show-339524.html