First, command execution
1: What is command execution?
A command execution vulnerability lets an attacker execute arbitrary system commands. It is one of the high-risk vulnerability classes, because any scripting language can call operating system commands.
Some applications need to call functions that execute system commands, for example PHP's system, exec, shell_exec, passthru, popen, proc_popen and similar functions. When the user can control the parameters of these functions, malicious system commands can be spliced onto the normal command, producing a command execution attack; this is the command execution vulnerability.
Protective measures against command execution vulnerabilities
1: Revoke execute permission on the file for non-root users
2: Disable dangerous functions, such as certain high-risk functions in PHP
Second, file upload
1: What is a file upload?
Web applications often have a file upload function: publishing pictures, posting a résumé in doc format on a job site, and so on. As long as a web application allows uploading, a file upload vulnerability is likely to exist.
2: file upload harm
① Uploading a webshell through the file upload function and taking control of the site
② Executing system commands
3: The file upload process
4: The client-side verification process
5: MIME verification
MIME (Multipurpose Internet Mail Extensions) denotes the media type (Internet media type). MIME uses simple strings; it was originally used to identify the types of e-mail attachments, and in HTML the content-type attribute can carry it. It is the Internet standard for describing file types.
MIME main categories:
text: used for normalized textual information; a text message may use multiple character sets and formats;
multipart: a message body made of several connected parts, which may be of different types;
application: used to transmit binary data or application data;
message: used to encapsulate an e-mail message;
image: used to transmit static image data;
audio: used to transmit audio or sound data;
video: used to transmit moving-image data, possibly a video format with audio edited in.
6: The file-upload handling flow
7: How to protect against file upload vulnerabilities?
① Restrict permissions on the upload directory
② Use open-source anti-virus software
③ Developers should use md5-hashed file names in the code
Third, XSS
1: What is XSS?
XSS, also called CSS (Cross Site Scripting), is one of the common web vulnerabilities; it ranked third in the 2013 OWASP Top 10.
XSS means an attacker embeds client-side script, usually malicious JS code, into a web page; when a user visits the page containing the embedded malicious code with a browser, the code executes in the user's browser.
2: What harm does XSS cause?
① Phishing
② Stealing user cookies
③ Pop-up advertising and traffic fraud
④ Tampering with page content
⑤ Deleting articles
⑥ Collecting client-side information
⑦ Spreading worms
3: The three types of XSS
① Reflected:
The malicious script is appended to a parameter of the URL; the malicious JS only fires when the victim clicks such a link. Its characteristic is that it is triggered only by the user's click and executes only once.
② Stored:
The attacker places the malicious code in a third-party website's database; when the victim visits that site, the malicious code executes in the victim's browser.
③ DOM-based: DOM-based XSS does not require the server's parsing or response to be involved; it is triggered by the browser's own DOM parsing.
DOM-based XSS is HTML injection through JavaScript's Document object, handled directly in the browser.
4: Common XSS protection methods
① Similar to the protections against SQL injection
② Using HttpOnly
③ Adopting a CSP policy
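The three protection methods above in Node.js form, as an added example that is not from the original post: output encoding of a reflected parameter (the same filter-and-escape idea the post likens to SQL injection defense), a session cookie carrying the HttpOnly flag, and a Content-Security-Policy header. The cookie name, the policy directives and the sample query string are assumptions for the illustration.

```javascript
// Added example (not from the original post): output encoding, an HttpOnly cookie
// and a CSP header as concrete forms of the three XSS protections listed above.

// Encode the five characters that matter in an HTML text or attribute context,
// so user-controlled data is rendered as text rather than parsed as markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflect a user-supplied search parameter into the page safely. Without
// escapeHtml this is the reflected-XSS pattern from section 3.
function renderSearchResult(query) {
  return '<p>Results for: ' + escapeHtml(query) + '</p>';
}

// Response headers: HttpOnly keeps document.cookie from reading the session cookie
// (limiting the cookie-theft harm from section 2), and the CSP restricts scripts to
// same-origin files, so an injected inline <script> is not executed by the browser.
function securityHeaders(sessionId) {
  return {
    'Set-Cookie': 'session=' + sessionId + '; HttpOnly; Secure; SameSite=Lax; Path=/',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  };
}

// Constructed sample input: a query string carrying a script tag.
const SAMPLE_QUERY = '<script>alert(1)</script>';
```

For the DOM-based variant the same rule applies on the client side: assign untrusted data with `textContent` rather than `innerHTML`, since the browser, not the server, is the one parsing it there. Note that `escapeHtml` is only correct for HTML text and quoted attribute contexts; a value placed inside a script block or a URL needs the encoding for that context instead.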