2019.11.9 study notes

1. An application could implement access control using the HTTP Referer header, but this would not be apparent from its normal behaviour. How would you detect such a defect? Select a range of important application functions that you are authorised to access. Submit a request for each of these functions with the Referer header modified or omitted entirely. If the application rejects these requests, it is probably vulnerable. Then submit the same requests as a user who does not have permission to use the function, but include the original Referer header in each request. If the application now accepts the requests, it is certainly vulnerable.
2. After logging in to an application, you are redirected to the following URL:
https://wahh-app.com/MyAccount.php?uid=1241126841
The application appears to be submitting a user identifier to the MyAccount.php page, and the only identifier you know is your own. How would you test whether the application uses this parameter in an unsafe way to enforce access control? The following tests should be tried, in order of effectiveness: (1) Change the uid to a different value of the same syntax. If the application still returns your own account information, it is probably not vulnerable. (2) If you can access another user's account, or register one by some other means, log in as that user to obtain their uid value. Then, using your original user, substitute that new uid value for your own; if the application now displays sensitive data about the other user, it is vulnerable. (3) Use a script to submit thousands of uid values close to your own and determine whether any of them return another user's information. (4) Use a script to submit random uid values between 0 and 9999999999 (in this example) and determine whether the application returns any other user's information.
3. A web application on the Internet implements access control by checking the user's source IP address. Why might this behaviour be flawed? An attacker could spoof the IP address of another user, although in practice this can be extremely difficult. More importantly, if several end users on the Internet sit behind the same web proxy server or NAT firewall, those users share the same IP address. In that situation, one way to make IP-based access control useful is to treat it as a defence-in-depth measure, ensuring that users who attempt to access administrative functions are located on the organisation's internal network. Those functions should of course still be protected by robust authentication and session-handling mechanisms.
4. The sole purpose of an application is to provide a searchable repository of information for the public. It uses no authentication or session management mechanism. What access controls should it implement? The application has no horizontal or vertical segregation of access, so it does not need to distinguish between individual users for access control. Even though all users belong to the same category, the application still needs to limit what a user can do. A robust solution is to apply the principle of least privilege to every user role in the application's architecture, so that each role has only the privileges needed to run the application. For example, if users need only read access to the data, the application should access the database through a low-privileged account that has read-only permission on the relevant tables only.
5. While browsing an application you encounter several sensitive resources that should be protected from unauthorised access, and they have the file extension .xls. Why should this attract immediate attention? These files are Excel spreadsheets, which are static resources; the application cannot apply any access control to them itself (as it could through a dynamic script). It might protect them by other means (such as at the web server layer), but usually this is not the case. You should immediately check whether they can be accessed without authentication.

An interpreted language is one whose execution involves a run-time component (the interpreter) that reads the code and carries out the instructions it contains; examples include SQL, LDAP, Perl and PHP.
A compiled language is one whose code is converted into machine instructions, which are then executed directly by the processor of the computer running the program.
The most common injection point within the structure of a SQL query is the ORDER BY clause. The ORDER BY keyword accepts a column name or a column number and sorts the result set by the values in that column.
Exploiting SQL injection in an ORDER BY clause is very different from other injection situations. Here the database will not accept the UNION, WHERE, OR or AND keywords. Generally the attacker has to supply a nested query in place of the parameter, for example replacing the column name with (select 1 where <<condition>> or 1/0=0).
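A column name cannot be passed as a bound query parameter, which is exactly why ORDER BY remains an injection point even in code that otherwise uses parameterised queries. As an added example (not from the notes or the book), here is the injectable form beside an allow-list version, using Python's sqlite3 module on an in-memory table; the table, rows, function names and the probe string are constructed for the example.

```python
"""A user-controlled ORDER BY column: injectable interpolation vs. an allow-list."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed table with a column that must never be exposed.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL, secret TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [(1, "pen", 1.5, "s1"), (2, "book", 12.0, "s2"), (3, "bag", 25.0, "s3")],
    )
    return conn


def list_products_unsafe(conn: sqlite3.Connection, sort_by: str) -> list:
    # Vulnerable: the sort key goes straight into the SQL text, so a nested
    # query in place of a column name is evaluated by the database.
    return conn.execute(f"SELECT id, name, price FROM products ORDER BY {sort_by}").fetchall()


# Maps the values the client may send to the real column names they stand for.
ALLOWED_SORT = {"id": "id", "name": "name", "price": "price"}


def list_products_safe(conn: sqlite3.Connection, sort_by: str, max_price: float) -> list:
    column = ALLOWED_SORT.get(sort_by)
    if column is None:
        # Reject loudly instead of silently defaulting, so probes are visible in logs.
        raise ValueError(f"unsupported sort key: {sort_by!r}")
    # Only the vetted column name is interpolated; data values are bound as parameters.
    return conn.execute(
        f"SELECT id, name, price FROM products WHERE price <= ? ORDER BY {column}",
        (max_price,),
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    probe = "(SELECT 1 WHERE 1=1)"  # a nested query where a column name is expected
    unsafe_rows = list_products_unsafe(conn, probe)  # accepted and evaluated
    try:
        list_products_safe(conn, probe, 100.0)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    by_price = list_products_safe(conn, "price", 20.0)
    return {
        "unsafe_evaluated_probe": len(unsafe_rows) == 3,
        "safe_rejected_probe": safe_rejected,
        "safe_by_price": [row[1] for row in by_price],
    }


if __name__ == "__main__":
    print(demo())
```

The allow-list is a mapping rather than a simple membership test so that the value the client sends never has to be the literal column name; the same pattern works for table names and for ASC/DESC direction flags.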
How to construct the string "Services" on the common databases:
Oracle: 'Serv' || 'ICES'
MS-SQL: 'Serv' + 'ICES'
MySQL: 'Serv' 'ICES' [note the space between the two strings]
If injecting into numeric data, the following attack strings can be used to identify the database. Each expression evaluates to zero on the target database and causes an error on the others.
Oracle: BITAND(1,1)-BITAND(1,1)
MS-SQL: @@pack_received - @@pack_received
MySQL: CONNECTION_ID() - CONNECTION_ID()
The MS-SQL and Sybase databases share a common origin, so they have many similarities in table structure, global variables and stored procedures. In fact, the vast majority of the attack techniques described for MS-SQL also apply to Sybase.
When identifying the database, it is also worth noting how MySQL handles comments. If a comment begins with an exclamation point followed by a database version string, then provided the actual version of the database is equal to or later than that string, the contents of the comment are interpreted as SQL; otherwise the contents are ignored and treated as an ordinary comment.
The SQL UNION operator is used to combine the results of several separate SELECT statements into a single result set.
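The concatenation strings, the zero-valued arithmetic probes, the MySQL version comment and the nested ORDER BY query above are all distinctive enough to be recognised in request logs before an injection succeeds. As an added example written for these notes (not from the book or the blog), the detector below URL-decodes the query string of each constructed access-log line, matches it against those patterns and reports which database each probe is aimed at; the log lines, pattern labels and the MySQL string probe (`'\s+'`, which can also match ordinary English text and is deliberately loose) are constructed for the example.

```python
"""Flag DBMS-fingerprinting probes in access-log query strings (constructed example)."""
import re
from urllib.parse import unquote_plus

# (label, pattern, database the probe points at). Patterns are applied to the
# URL-decoded query string, so the quotes the application itself adds are absent.
PROBES = [
    ("oracle_concat",    re.compile(r"'\s*\|\|\s*'"),                               "Oracle"),
    ("mssql_concat",     re.compile(r"'\s*\+\s*'"),                                 "MS-SQL"),
    ("mysql_concat",     re.compile(r"'\s+'"),                                      "MySQL"),
    ("oracle_bitand",    re.compile(r"BITAND\s*\(\s*1\s*,\s*1\s*\)\s*-\s*BITAND", re.I), "Oracle"),
    ("mssql_pack",       re.compile(r"@@pack_received\s*-\s*@@pack_received", re.I), "MS-SQL"),
    ("mysql_connid",     re.compile(r"CONNECTION_ID\s*\(\s*\)\s*-\s*CONNECTION_ID", re.I), "MySQL"),
    ("mysql_vercomment", re.compile(r"/\*!\d{5}"),                                  "MySQL"),
    ("nested_subquery",  re.compile(r"\(\s*SELECT\b", re.I),                        "any"),
    ("union_select",     re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),          "any"),
]

# Extracts the request target from a combined-format log line.
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')

# Constructed log lines: one benign request followed by one probe of each kind.
LOG_LINES = [
    '10.0.0.5 - - [09/Nov/2019:10:00:01 +0800] "GET /search.php?q=pen HTTP/1.1" 200 512',
    '10.0.0.5 - - [09/Nov/2019:10:00:02 +0800] "GET /search.php?q=Serv%27%7C%7C%27ICES HTTP/1.1" 200 512',
    '10.0.0.5 - - [09/Nov/2019:10:00:03 +0800] "GET /search.php?q=Serv%27%2B%27ICES HTTP/1.1" 500 0',
    '10.0.0.5 - - [09/Nov/2019:10:00:04 +0800] "GET /search.php?q=Serv%27%20%27ICES HTTP/1.1" 500 0',
    '10.0.0.5 - - [09/Nov/2019:10:00:05 +0800] "GET /item.php?id=5%20-%20BITAND(1,1)-BITAND(1,1) HTTP/1.1" 200 880',
    '10.0.0.5 - - [09/Nov/2019:10:00:06 +0800] "GET /item.php?id=5-@@pack_received-@@pack_received HTTP/1.1" 500 0',
    '10.0.0.5 - - [09/Nov/2019:10:00:07 +0800] "GET /item.php?id=5%20/*!50000and*/%201=1 HTTP/1.1" 200 880',
    '10.0.0.5 - - [09/Nov/2019:10:00:08 +0800] "GET /list.php?sort=(select%201%20where%201=1) HTTP/1.1" 200 3000',
    '10.0.0.5 - - [09/Nov/2019:10:00:09 +0800] "GET /search.php?q=pen%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0',
]


def query_string(log_line: str) -> str:
    """Return the URL-decoded query string of the request, or '' if none."""
    match = REQUEST_RE.search(log_line)
    if not match or "?" not in match.group(1):
        return ""
    return unquote_plus(match.group(1).split("?", 1)[1])


def classify(log_line: str) -> list:
    """Return [(label, database)] for every probe pattern present in the line."""
    query = query_string(log_line)
    return [(label, db) for label, pattern, db in PROBES if pattern.search(query)]


def scan(lines) -> dict:
    """Map each decoded query string that triggered at least one probe to its hits."""
    hits = {}
    for line in lines:
        found = classify(line)
        if found:
            hits[query_string(line)] = found
    return hits


if __name__ == "__main__":
    for query, found in scan(LOG_LINES).items():
        print(f"{query!r}: {found}")
```

Decoding before matching matters: `+` in a URL is a space, so an MS-SQL concatenation probe only survives decoding when it was sent as `%2B`, and a detector that matched the raw URL would miss it.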

Source: www.cnblogs.com/wangtanzhi/p/11828227.html