Hacker Attack and Defence Techniques Handbook (Web practical edition): answers to the "attacking back-end components" exercises

Answers as given in the book.

  1. Network devices often provide a web interface for configuring the device. Why is this functionality
     usually vulnerable to OS command injection attacks?

Applications for configuring network devices often need to perform functions that cannot easily be implemented
through the normal web scripting APIs, such as restarting the device, rotating log files or reconfiguring SNMP.
Typically, these tasks are easy to perform from the operating system command line. Thus, in many cases,
application developers implement these functions by incorporating the relevant user-supplied input directly into a shell command string.
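The pattern described above, shown as an added example that is not code from the book: the vulnerable shell-string form next to a hardened version that allowlists the parameter and passes it as a single argv element (the interface-restart action and helper names are assumptions).

```python
import re
import subprocess

# Constructed illustration: a "restart network interface" action exposed by a
# device's web UI. Nothing here is code from the book or any real firmware.
INTERFACE_NAME = re.compile(r"[A-Za-z0-9_.:-]{1,32}")   # allowlist of safe names


def unsafe_restart_command(interface: str) -> str:
    """Vulnerable pattern: the request parameter is pasted into a shell string.

    Returned rather than executed so the injection point is visible: any shell
    metacharacter in `interface` is interpreted by /bin/sh, not by ifdown.
    """
    return "ifdown " + interface + " && ifup " + interface


def safe_restart_argv(interface: str) -> list:
    """Hardened pattern: allowlist the value, then build an argv list so it is
    handed to the program as one argument and no shell ever parses it."""
    if not INTERFACE_NAME.fullmatch(interface):
        raise ValueError("invalid interface name")
    return ["ip", "link", "set", interface, "up"]


def is_rejected(interface: str) -> bool:
    """True when the hardened builder refuses the value."""
    try:
        safe_restart_argv(interface)
    except ValueError:
        return True
    return False


def restart_interface(interface: str) -> int:
    """Run the validated argv without a shell (shell=False is the default)."""
    argv = safe_restart_argv(interface)
    return subprocess.run(argv, shell=False, check=False).returncode
```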

  2. When testing the following URL:
     http://wahh-app.com/home/statsmgr.aspx?country=US
     changing the value of the country parameter to foo produces the following error message:
     Could not Open File: D:\App\default\home\logs\foo.log (invalid file).
     What steps could be taken to attack the application?

The application appears to merge user-submitted input into a file path that is used for a file system operation,
and it may be possible to access arbitrary files on the server by submitting crafted input. You should therefore
attempt to reach different directories using ../ traversal sequences. Since .log is appended to the input, you should
attempt to terminate the file name with a NULL byte. Note that the home directory appearing in the error message may be
the same directory as the home directory appearing in the URL, which provides a clue to the location of the web root.
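The defender's side of this answer, as an added example that is not code from the book: the path-building pattern the error message reveals next to a hardened version that refuses NUL bytes, allowlists the country code and confirms the canonicalised path stays below the log directory (the directory layout and function names are assumptions).

```python
import os
import re

# Constructed layout matching the error message in the question: the
# application opens <country>.log under a fixed logs directory. The exact
# directory path is an assumption.
LOG_DIR = os.path.realpath(os.path.join(os.getcwd(), "home", "logs"))
COUNTRY_CODE = re.compile(r"[A-Z]{2}")


def unsafe_log_path(country: str) -> str:
    """The pattern the error message reveals: input concatenated, '.log'
    appended, nothing validated."""
    return os.path.join(LOG_DIR, country + ".log")


def within_log_dir(country: str) -> bool:
    """Canonicalise the path that would be opened and require it to remain
    below LOG_DIR. Traversal sequences and absolute paths both fail here."""
    candidate = os.path.realpath(os.path.join(LOG_DIR, country + ".log"))
    return os.path.commonpath([LOG_DIR, candidate]) == LOG_DIR


def safe_log_path(country: str) -> str:
    """Hardened version: three independent checks, any one of which blocks
    the traversal described in the answer."""
    if "\x00" in country:                 # NUL would truncate the name
        raise ValueError("NUL byte in parameter")
    if not COUNTRY_CODE.fullmatch(country):
        raise ValueError("country must be a two-letter code")
    if not within_log_dir(country):
        raise ValueError("path escapes the log directory")
    return os.path.realpath(os.path.join(LOG_DIR, country + ".log"))


def is_rejected(country: str) -> bool:
    """True when the hardened resolver refuses the value."""
    try:
        safe_log_path(country)
    except ValueError:
        return True
    return False
```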

  3. When testing a POST request in which the application accepts data in XML format, which vulnerability might
     allow you to read arbitrary files from the server's file system? What prerequisites must be met for the attack
     to succeed?

The application may be vulnerable to XML External Entity (XXE) injection. The prerequisites for retrieving the
contents of arbitrary files are as follows:

(a) the XML parser used by the application must support external entities;

(b) the application must echo the content of the relevant XML element back in its response.
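A parser hardened against prerequisite (a), as an added example that is not code from the book: it uses the standard library's expat bindings and refuses every DOCTYPE, entity declaration and external entity reference before any element is read (the document shape and function names are assumptions).

```python
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    pass


def parse_feedback(document: str) -> dict:
    """Parse a small XML document into {element name: text}.
    Refusing DTDs removes prerequisite (a): the parser is never asked to
    resolve an external entity, so whatever the application echoes back (b)
    can only be text the client literally sent."""
    parser = xml.parsers.expat.ParserCreate()
    result, open_elements = {}, []

    def start_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError("DOCTYPE declarations are not accepted")

    def entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXmlError("entity declarations are not accepted")

    def external_entity(context, base, sysid, pubid):
        return 0  # refuse: expat reports an error instead of fetching sysid

    def start_element(name, attrs):
        open_elements.append(name)
        result.setdefault(name, "")

    def char_data(data):
        result[open_elements[-1]] += data

    def end_element(name):
        open_elements.pop()

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity
    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = char_data
    parser.EndElementHandler = end_element
    parser.Parse(document, True)
    return result


def is_rejected(document: str) -> bool:
    try:
        parse_feedback(document)
    except (UnsafeXmlError, xml.parsers.expat.ExpatError):
        return True
    return False
```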

  4. The following request is made to an application running on the ASP.NET platform:
     POST /home.aspx?p=urlparam1&p=urlparam2 HTTP/1.1
     Host: wahh-app.com
     Cookie: p=cookieparam
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 15

     p=bodyparam
     The application executes the following code:
     String param = Request.Params["p"];
     What is the value of the param variable?

The param variable contains urlparam1,urlparam2,bodyparam,cookieparam.

  5. Is HPP a prerequisite for HPI? Is HPI a prerequisite for HPP?

Strictly speaking, neither attack is a prerequisite for the other.
Although HPI attacks often involve HPP, this is not necessary. For example, an HPI attack might inject an entirely
new parameter into a back-end request to interfere with the application's processing. This type of attack does
not depend on any particular behaviour of the application when it processes multiple parameters with the same name.
Conversely, HPP attacks need not involve HPI, particularly where user input is processed in multiple layers.
For example, some attacks against the Internet Explorer XSS filter use HPP techniques without injecting
parameters into any back-end request.
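A model of how the answer to question 4 comes about, and of the same-name-parameter behaviour that HPP in question 5 relies on, as an added example that is not ASP.NET's or the book's code: the request from question 4 is reconstructed inline, each source is parsed separately, and the merge is done in the order ASP.NET documents for Params (QueryString, Form, Cookies; ServerVariables omitted here, which is an assumption of this model).

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed copy of the request from the question (CRLF line endings).
# Content-Length is set to the length of this constructed body.
REQUEST = (
    "POST /home.aspx?p=urlparam1&p=urlparam2 HTTP/1.1\r\n"
    "Host: wahh-app.com\r\n"
    "Cookie: p=cookieparam\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 11\r\n"
    "\r\n"
    "p=bodyparam"
)


def parse_request(raw: str):
    """Split a raw request into (target, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body


def params_by_source(raw: str) -> dict:
    """Per-source multi-valued maps, in Params' merge order (assumed)."""
    target, headers, body = parse_request(raw)
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body, keep_blank_values=True)
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    cookies = {name: [morsel.value] for name, morsel in jar.items()}
    return {"QueryString": query, "Form": form, "Cookies": cookies}


def request_params(raw: str, name: str) -> str:
    """Model of Request.Params[name]: every source's values, comma-joined.
    A back-end component that reads only the first or the last value sees a
    different result, which is the behaviour HPP attacks depend on."""
    values = []
    for source in params_by_source(raw).values():
        values.extend(source.get(name, []))
    return ",".join(values)
```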

  6. An application contains a function that makes requests to external domains and returns the responses to
     those requests. To prevent server-side redirection attacks from retrieving protected resources on the
     application's own web server, the application blocks requests whose target is localhost or 127.0.0.1. How could
     this defence be circumvented to access resources on the server?

The server's loopback IP address has many alternative representations that can be used to evade the application's
filter. For example:

(a) 127.1

(b) 127.000.0.1

(c) any other address in the 127.0.0.0 class A subnet

(d) binary or octal variants of any of these, such as 017700000001
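A target check that is not fooled by these representations, as an added example that is not code from the book: instead of comparing the user's string against "localhost" and "127.0.0.1", it resolves the host the way the HTTP client will and rejects any resolved address that is not globally routable, which covers all of 127.0.0.0/8, IPv6 loopback and IPv4-mapped loopback (function names are assumptions).

```python
import ipaddress
import socket


def resolved_addresses(host: str) -> list:
    """Resolve the requested host exactly as the HTTP client would.

    getaddrinfo normalises literals such as 127.1, 127.000.0.1 or 017700000001
    to their canonical form, so the check below sees the real address rather
    than the string the user typed.
    """
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_allowed_target(host: str) -> bool:
    """Allow a fetch only if every resolved address is globally routable."""
    try:
        addrs = resolved_addresses(host)
    except (socket.gaierror, ValueError, UnicodeError):
        return False  # unresolvable or malformed: deny rather than guess
    if not addrs:
        return False
    for addr in addrs:
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 wraps IPv4 loopback
        # is_global is False for loopback, private, link-local, unspecified
        # (0.0.0.0) and other reserved ranges, so every 127.x.x.x address fails
        if not addr.is_global:
            return False
    return True
```

The client must then connect to the address that was checked rather than re-resolving the name, and the check has to be repeated on every redirect it follows.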

  7. An application has a function that lets users submit feedback. The function allows users to submit their
     e-mail address, a message subject and detailed feedback. The application then sends an e-mail to
     [email protected] using the submitted subject and feedback as the message body, with the user's address as
     the sender. Which of the following is an effective defence against e-mail injection attacks?

(a) Disable mail relaying on the mail server.

(b) Hard-code the RCPT TO field with [email protected].

(c) Ensure that user-submitted input does not contain any line breaks or other SMTP metacharacters.

E-mail injection attacks against this function do not require the mail server to support mail relaying. If other
message headers contain user-controlled input, a hard-coded RCPT TO field does not protect against e-mail injection
either, because an attacker could inject another recipient by adding a further RCPT TO line. In this case, the most
effective defence is to strictly validate all user-submitted input to ensure that it does not contain any newline
characters or other SMTP metacharacters.
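Defence (c) implemented, as an added example that is not code from the book: every user-supplied header field is validated to be a single line with no control characters, the sender is restricted to a bare address, the recipient is fixed, and only the body may contain line breaks (the mailbox address is a placeholder for the one elided on the page, and the function names are assumptions).

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

FEEDBACK_MAILBOX = "feedback@example.invalid"  # placeholder for the page's elided address
CONTROL_CHARS = re.compile(r"[\r\n\x00]")      # CR, LF and NUL never belong in a header


class EmailInjectionError(ValueError):
    pass


def validate_single_line(value: str, field: str, max_len: int = 200) -> str:
    """A header value must be one line: a CR/LF would start a new header or,
    in a raw SMTP conversation, a new command such as a second RCPT TO."""
    if CONTROL_CHARS.search(value):
        raise EmailInjectionError(f"{field}: line break or control character")
    if len(value) > max_len:
        raise EmailInjectionError(f"{field}: too long")
    return value


def validate_address(value: str) -> str:
    """Accept only a bare user@host; display names, angle brackets and
    address lists are refused because they are header syntax, not data."""
    value = validate_single_line(value, "address")
    name, addr = parseaddr(value)
    if name or addr != value or "@" not in addr or any(c in addr for c in " ,;<>"):
        raise EmailInjectionError("address: must be a single bare user@host")
    return addr


def build_feedback_message(user_address: str, subject: str, feedback: str) -> EmailMessage:
    """Recipient is fixed, every user-supplied header is validated, and the
    body is the only field in which line breaks are allowed. (The email
    library also refuses CR/LF in headers; validating first gives the user
    a clear rejection instead of a server error.)"""
    msg = EmailMessage()
    msg["From"] = validate_address(user_address)
    msg["To"] = FEEDBACK_MAILBOX
    msg["Subject"] = validate_single_line(subject, "subject")
    msg.set_content(feedback)
    return msg


def is_rejected(user_address: str, subject: str, feedback: str) -> bool:
    try:
        build_feedback_message(user_address, subject, feedback)
    except EmailInjectionError:
        return True
    return False
```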
Reference links:
http://www.ituring.com.cn/book/885


Origin www.cnblogs.com/wangtanzhi/p/11896915.html