[Operations and maintenance] Web security: command execution / XSS - 05

One. Web command execution
What is command execution:
A command execution vulnerability is a flaw that lets an attacker execute arbitrary system commands. It is a high-risk vulnerability, and any scripting language that can call operating system commands can have it.
Applications sometimes need to call functions that execute system commands, such as PHP's system, exec, shell_exec, passthru, popen and proc_open. When the user can control the parameters of these functions, a malicious system command can be spliced into the normal command, resulting in a command execution attack; this is the command execution vulnerability.
For example: ping + $target variable
If the value passed in for target is 127.0.0.1 && uname -r, the shell runs the ping and then runs uname -r as well.

How to prevent it:
    1. Disable command-execution functions such as exec in PHP
    2. Run the PHP program as a non-root user
    3. Other protections such as a WAF or firewall
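The ping example above, worked through as an added Python example (not code from the original post): the unsafe string-splicing pattern, a heuristic that flags spliced command lines, and the two fixes a developer should apply instead: allowlist validation of the target and passing it as one argv element (or, if a shell string is unavoidable, quoting it the way PHP's escapeshellarg does). The function names and the hostname pattern are my own; the injected value is the one from the text.

```python
import ipaddress
import re
import shlex
import subprocess

# Constructed sample values: the benign target and the injected value from the text.
BENIGN_TARGET = "127.0.0.1"
INJECTED_TARGET = "127.0.0.1 && uname -r"

# Shell control operators and substitution characters that have no business
# in a single ping target.  Used as a cheap detection heuristic below.
SHELL_METACHARS = re.compile(r"[;&|`$<>\n]")

# Hostname allowlist (hypothetical pattern for this example): labels of letters,
# digits and hyphens separated by dots, at most 253 characters in total.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_vulnerable_command(target: str) -> str:
    """The unsafe pattern from the text: splice the untrusted value straight into
    a shell command line.  With INJECTED_TARGET the shell sees two commands."""
    return "ping -c 1 " + target


def looks_injected(command_line: str) -> bool:
    """Detection heuristic: flag a command line that carries shell metacharacters.
    Useful when reviewing audit logs of the commands a web process spawned."""
    return SHELL_METACHARS.search(command_line) is not None


def validate_target(target: str) -> str:
    """Allowlist validation: accept only a literal IP address or a plain hostname.
    Anything else (spaces, '&&', ';', backticks, ...) is rejected before any
    command is built."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME.match(target):
        return target
    raise ValueError(f"invalid ping target: {target!r}")


def build_safe_argv(target: str) -> list:
    """Build an argv list instead of a shell string: the value is passed as one
    argument and no shell ever parses it."""
    return ["ping", "-c", "1", validate_target(target)]


def quote_for_shell(target: str) -> str:
    """Second line of defence if a shell string is unavoidable: shlex.quote
    turns the whole value into a single quoted word, like PHP's escapeshellarg."""
    return shlex.quote(target)


def run_ping(target: str) -> subprocess.CompletedProcess:
    """Run ping with shell=False so no metacharacter is ever interpreted."""
    return subprocess.run(build_safe_argv(target), capture_output=True,
                          text=True, timeout=10)


if __name__ == "__main__":
    for t in (BENIGN_TARGET, INJECTED_TARGET):
        cmd = build_vulnerable_command(t)
        print(f"{cmd!r:45} injected={looks_injected(cmd)}")
        try:
            print("  safe argv:", build_safe_argv(t))
        except ValueError as e:
            print("  rejected:", e)
```

The validation step is the real fix; quoting only contains the damage when a legacy code path still builds a shell string. run_ping is provided for completeness and is not exercised by the checks below because it needs network access.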

Two. Web file upload
Web applications typically have a file upload function: publishing pictures, posting a resume in doc format on a job site, and so on. As long as the web application allows uploads, a file upload vulnerability is likely to exist.

Client-side validation can be bypassed by capturing the request, modifying the file name extension or MIME type, and resending it.
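Because the file name and MIME type in the request can be rewritten in a proxy, the server must decide from data it can verify itself. The following server-side check is an added Python example (not code from the original post): the client's name and MIME type are treated as hints only, the leading bytes of the content decide the type, and the server chooses the stored name. The allowed-type table and filename pattern are assumptions for the example.

```python
import os
import re
import secrets

# Server-side view of an acceptable upload: extension -> (magic bytes, MIME type
# the server will use when serving the file).  The client's declared MIME type
# is never used for the decision.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "gif": (b"GIF8", "image/gif"),
}

# Exactly one dot and a short set of safe characters: rejects "shell.php.png",
# "a.php;.png", null bytes and similar tricks aimed at a later extension check.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}$")


def validate_upload(client_filename: str, client_mime: str, content: bytes) -> dict:
    """Decide whether an upload is accepted using only data the server can verify.

    client_filename and client_mime come from the request and are hints at most;
    the magic bytes of `content` decide what the file is.  Returns a dict with
    ok, reason and, on success, the server-chosen stored_name and content_type."""
    # Strip any directory part, whatever separator the client used.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if not _SAFE_NAME.match(name):
        return {"ok": False, "reason": "bad filename"}
    ext = name.rsplit(".", 1)[1].lower()
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED_TYPES:
        return {"ok": False, "reason": "extension not allowed"}
    magic, server_mime = ALLOWED_TYPES[ext]
    if not content.startswith(magic):
        # The name says image but the bytes do not: the renamed-script case.
        return {"ok": False, "reason": "content does not match extension"}
    # The server picks the stored name; the client's name never reaches the filesystem.
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    return {
        "ok": True,
        "reason": "",
        "stored_name": stored_name,
        "content_type": server_mime,
        # Recorded for logging only; a mismatch is a signal, not an input to the decision.
        "client_mime_matched": client_mime == server_mime,
    }


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + bytes(16)          # constructed PNG header
    script = b"<?php echo 'hi'; ?>"                 # constructed non-image content
    print(validate_upload("avatar.png", "image/png", png))
    print(validate_upload("page.png", "image/png", script))  # renamed in a proxy
```

Store accepted files outside the web root (or on a host that never executes them) and serve them with the content_type chosen here; the magic-byte check alone does not stop an image that also carries script text, so the storage location and server configuration are part of the control.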

Three. XSS vulnerabilities
What is XSS
What harm does XSS do
The three types of XSS

XSS:
XSS, also known as CSS (Cross Site Scripting), the cross-site scripting attack, is one of the common Web vulnerabilities; it ranked third in the 2013 OWASP Top 10.

XSS means that an attacker embeds client-side script, usually malicious JS code, in a web page; when a user opens the page containing the embedded malicious code in a browser, the code executes in that user's browser.

Hazards:
phishing, stealing cookies, inflating advertising traffic, tampering with page content, deleting articles, obtaining client information, spreading worms

The three types of XSS:
reflected
stored
DOM-based
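Reflected and stored XSS share one fix on the server: encode user-controlled text for the HTML context it lands in at the moment of output. The following is an added Python example (not code from the original post) showing a reflected search page and a stored comment list in their vulnerable and encoded forms, plus two related mitigations for the hazards listed above: a URL allowlist for link attributes, and an HttpOnly session cookie so page script cannot read it. DOM-based XSS happens in client-side JavaScript and is not shown here. The payload is constructed and all names are mine.

```python
import html
from urllib.parse import urlsplit

# Constructed malicious input: the kind of script tag reflected or stored XSS echoes back.
PAYLOAD = "<script>alert(1)</script>"


def render_search_vulnerable(query: str) -> str:
    """Reflected XSS: the query parameter is echoed into the page unencoded."""
    return f"<p>Results for {query}</p>"


def render_search_safe(query: str) -> str:
    """Same page with output encoding for the HTML element-body context."""
    return f"<p>Results for {html.escape(query, quote=True)}</p>"


class CommentStore:
    """Stored XSS: user text is kept server-side and shown to every later visitor,
    so the encoding must happen at render time, for every reader."""

    def __init__(self):
        self._items = []

    def add(self, text: str) -> None:
        # Store the raw text; encoding belongs to output, not to storage.
        self._items.append(text)

    def render_vulnerable(self) -> str:
        return "".join(f"<li>{c}</li>" for c in self._items)

    def render_safe(self) -> str:
        return "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in self._items)


def safe_href(url: str) -> str:
    """Attribute/URL context: escaping alone does not neutralise a 'javascript:'
    link, so allow only http(s) URLs and then escape for the attribute."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def session_cookie_header(value: str) -> str:
    """Mitigation for the 'steal cookies' hazard: HttpOnly keeps the cookie out
    of reach of page script; Secure and SameSite limit where it is sent."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_search_vulnerable(PAYLOAD))
    print(render_search_safe(PAYLOAD))
    store = CommentStore()
    store.add(PAYLOAD)
    print(store.render_safe())
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/"))
```

html.escape is correct for element bodies and quoted attribute values; text placed inside a script block, a URL or a CSS value needs the encoding for that context instead, which is why safe_href validates the scheme rather than relying on escaping alone.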


Origin blog.51cto.com/cuidehua/2422245