Common web vulnerabilities investigation

While recently investigating whether a project contained vulnerabilities we picked up some additional knowledge along the way; this post gathers and tidies that information.

Weak password vulnerabilities (weak password)

  • "Weak password" has no strict, precise definition. In general, a password that someone else (especially someone who knows a lot about you) can easily guess, or that a password-cracking tool can easily recover, is a weak password.
    A password should normally satisfy the following guidelines:
  1. Not empty and not the system default password; both are already known and are the typical weak passwords.
  2. Length of at least 8 characters.
  3. Not a run of the same character (e.g. AAAAAA) and not a repeated combination of characters (e.g. tzf.tzf.).
  4. Drawn from all four character classes: uppercase letters (A-Z), lowercase letters (a-z), digits (0-9) and special characters, with at least one character of each class. If a class contributes only one character, that character should not be the first or last character of the password.
  5. Not containing information related to you: your own name, the names and birth dates of parents, children or spouse, anniversaries, the login name, e-mail addresses and so on; nor a dictionary word.
  6. Not a dictionary word with some letters replaced by digits or symbols (for example p@ssw0rd): cracking tools try those substitutions automatically.
  7. Easy to remember and quick to type, so that someone watching over your shoulder cannot easily see what you enter.
    Passwords should be changed at least every 90 days.
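The guidelines above are easy to state and easy to get wrong in code, so here is a small policy checker that applies them. It is an added example, not code from the original article; the word lists, the leet substitution table and the four-character sequence length are assumptions chosen for the demonstration.

```python
import re

# Constructed word lists for the demonstration (an assumption, not from the
# article); a real deployment would load a full dictionary and breach list.
COMMON_WORDS = {"password", "welcome", "admin", "letmein", "qwerty", "dragon"}
DEFAULTS = {"", "admin", "root", "123456", "password", "changeme"}

# Letter-for-symbol substitutions that cracking tools try automatically;
# undone before the dictionary lookup so that p@ssw0rd is still caught.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})

CLASSES = {
    "upper": str.isupper,
    "lower": str.islower,
    "digit": str.isdigit,
    "special": lambda c: not c.isalnum(),
}

def is_sequence(s, run=4):
    """True if s contains `run` consecutive characters stepping by +1 or -1 (abcd, 4321)."""
    for i in range(len(s) - run + 1):
        diffs = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + run - 1)}
        if diffs in ({1}, {-1}):
            return True
    return False

def check_password(pw, personal_info=()):
    """Return the list of guideline violations; an empty list means the password passed.

    personal_info is an iterable of strings about the user (names, birth dates,
    login name, e-mail address) that the password must not contain.
    """
    problems = []
    lowered = pw.lower()
    if lowered in DEFAULTS:
        problems.append("empty or default password")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if re.search(r"(.)\1{2,}", pw):        # AAAAAA
        problems.append("repeated single character")
    if re.search(r"(.{2,})\1+", pw):       # tzf.tzf.
        problems.append("repeated character group")
    if is_sequence(pw):
        problems.append("sequential characters")
    # All four classes must be present; a class that appears exactly once
    # must not be the first or last character.
    for name, pred in CLASSES.items():
        positions = [i for i, c in enumerate(pw) if pred(c)]
        if not positions:
            problems.append(f"missing {name} character")
        elif len(positions) == 1 and positions[0] in (0, len(pw) - 1):
            problems.append(f"only {name} character is first or last")
    for info in personal_info:
        if info and info.lower() in lowered:
            problems.append(f"contains personal information {info!r}")
    # Dictionary words, including ones hidden behind leet substitutions.
    plain = lowered.translate(LEET)
    for word in sorted(COMMON_WORDS):
        if word in lowered or word in plain:
            problems.append(f"contains dictionary word {word!r}")
    return problems
```

Call `check_password("P@ssw0rd1")` and it reports both that the only uppercase letter sits at the front and that the password is the dictionary word "password" behind substitutions; `check_password("gX7#pLk9qW!2")` returns an empty list. The checker returns every violation rather than stopping at the first so that the user can be told exactly what to change.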

File Upload Vulnerability

  • A file upload vulnerability usually arises because the code behind the upload function filters the file path or file name too loosely. If the upload code does not strictly restrict the extension and type of the files a user may upload, an attacker can upload arbitrary files to a web-accessible directory, including a website backdoor (webshell), and then control the web server remotely. During development of a site or application the uploaded files therefore need to be strictly limited and checked, and files containing malicious code must be rejected. At the same time, restrict the permissions of the upload directory (in particular, do not let scripts in it execute) so that an uploaded webshell cannot run.
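The weak and the hardened upload handling side by side, as an added example that is not part of the original article. The upload directory, the allowlist of image types and their file signatures are assumptions for the demonstration; the point is that the client's file name never reaches the disk.

```python
import os
import secrets

UPLOAD_DIR = "/var/www/uploads"  # assumed location; serve it with script execution disabled

# Allowlist of extensions the application accepts, with the file signature
# ("magic bytes") that a genuine file of that type must start with.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def vulnerable_target_path(client_filename):
    """Weak pattern: the client's file name decides both the extension and the
    directory, so 'shell.php' or '../../x' is accepted unchanged, and an
    absolute name even replaces the upload directory entirely."""
    return os.path.join(UPLOAD_DIR, client_filename)

def safe_target_path(client_filename, data):
    """Hardened pattern: allowlist the extension, check the file signature and
    replace the client's name with a random one. Raises ValueError on rejection."""
    base = os.path.basename(client_filename.replace("\\", "/"))  # drop any path part
    if "." not in base:
        raise ValueError("no extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not in allowlist")
    if not any(data.startswith(sig) for sig in ALLOWED[ext]):
        raise ValueError(f"content does not look like a {ext} file")
    # The stored name is generated server-side: the client controls nothing in it.
    return os.path.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")
```

The signature check is a sanity check, not a guarantee: a file that starts with a valid GIF header and continues with PHP code (a polyglot) passes it. That is why the random name and the no-execute permission on the upload directory are the controls that actually stop a webshell; the allowlist just keeps obviously wrong files out.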

Database security vulnerabilities

1. Incorrect deployment

  • An incorrect or careless deployment makes it very easy for a database to get into trouble. Before going fully into production, a comprehensive inspection and test of the database is needed to make sure it can handle the work it is meant to do.
  • Solution: carry out extensive pre-deployment testing and inspection, looking as far as possible for aspects an attacker could exploit.

2. Off-site server data leaks

  • A company database may be hosted on a server that is not connected to the Internet, but with or without an Internet connection, once an attacker has cut into a network interface from which the database is reachable, its security is threatened.
  • Solution: first, treat the database server like any other network server and give it the same security protection. Second, when developing against the database, use TLS (SSL) to encrypt the data communication; this is especially important.

3. Misconfigured databases

  • Many databases are compromised because known vulnerabilities are left unpatched, or because default accounts and configuration parameters are left in place. This may be because the administrator is too busy to deal with it in time, or because a business-critical system cannot afford the downtime needed to check and fix the database.
  • Solution: make database security a company-wide priority, raise the security awareness of staff, and push database administrators to configure and patch the databases.

4. SQL injection attacks

  • SQL injection is one of the most common database vulnerabilities; it is listed as the number one threat to application security by the Open Web Application Security Project (OWASP). In an SQL injection attack, the application is fed a malicious string that tricks the database server into executing commands chosen by the attacker. Sensitive data can then be read, data can be modified, and administrative operations can be performed.
  • Solution: during development, test every input variable for SQL injection, and build queries with bound parameters rather than string concatenation. After development, put a firewall between the network and the database.

5. Misconfigured permissions

  • Database access problems include: employees being granted far more privileges than their work requires; conversely, not enough privileges being granted; and, in addition, privileges being abused in bad faith.
  • Solution: assign rights according to the principle of least privilege, giving staff only the minimum permissions needed to complete their work. In addition, strictly monitor database access to make sure employees perform only authorised operations. When an employee leaves, the privileges granted to them must be revoked immediately.

Directory traversal vulnerability

  • Directory traversal (path traversal) is a security vulnerability caused by a web server or web application validating user-supplied file names insufficiently. By using special characters an attacker can bypass the server's security restrictions, read arbitrary files (including files outside the web root directory), and in some cases even execute system commands.
  • Principle of the vulnerability: the program does not fully filter directory-jump sequences such as ../ from user input, so a malicious user can reach arbitrary files in the server's directories by submitting such jumps.
  • Solution: 1. validate user-supplied data, in particular path sequences such as "../" (including their URL-encoded variants); 2. as far as possible validate all input against an allowlist; 3. set sensible permissions on the web server's directories; 4. do not show internal details when the program errors.
  • Where it appears: file-reading or image-display features, i.e. any interactive part of the site that reads a file by name.
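The three forms of the check from the solution list (filter the jump sequences, normalise and confirm the path stays under the root, or allow only names from a list), as an added example that is not from the original article. The web root and the allowed image extensions are assumptions for the demonstration.

```python
import os
import re
from urllib.parse import unquote

WEB_ROOT = "/var/www/html/images"   # assumed directory the image viewer serves from

def resolve_vulnerable(user_path):
    """Weak pattern: the client value is joined onto the root with no check,
    so ../ sequences walk out of the directory."""
    return os.path.normpath(os.path.join(WEB_ROOT, user_path))

def resolve_safe(user_path):
    """Hardened pattern: decode, normalise, then confirm the result is still
    under WEB_ROOT. Returns the absolute path, or None if the request is refused."""
    decoded = unquote(unquote(user_path))   # undo single and double URL encoding
    decoded = decoded.replace("\\", "/")     # treat the Windows separator like /
    if "\x00" in decoded:                    # null-byte truncation trick
        return None
    candidate = os.path.normpath(os.path.join(WEB_ROOT, decoded.lstrip("/")))
    # commonpath compares whole path components, so /var/www/html/images2 does
    # not pass as being inside /var/www/html/images the way a string prefix would.
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate

# Allowlist form of the check: only a plain file name with an image extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif)")

def resolve_allowlist(user_name):
    """Strictest option from the text: accept nothing but names matching the allowlist."""
    if not SAFE_NAME.fullmatch(user_name):
        return None
    return os.path.join(WEB_ROOT, user_name)
```

`resolve_vulnerable("../../../../etc/passwd")` yields `/etc/passwd`, while `resolve_safe` refuses it in plain, URL-encoded and double-encoded form and still serves `cat.png`. The example uses `os.path.normpath` so that it runs without the directory existing; on a real server, follow it with `os.path.realpath` so that a symbolic link inside the root cannot point outside it.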

Middleware vulnerability

1. Struts2 remote command execution vulnerability

  • The Struts2 remote command execution vulnerabilities arise because user-controllable parameters are not filtered and are passed straight into code that executes them, so they can be used to run arbitrary commands.
  • Dangers posed:
    1. An attacker can exploit the vulnerability to execute operating system commands directly and obtain a webshell, and can then use the compromised system to threaten the security of the internal network;
    2. an attacker who can execute arbitrary commands can write a backdoor and gain complete control of the server, with serious consequences.
  • Advice: 1. upgrade to the latest version of Struts; 2. deploy a web application firewall.

2. Tomcat remote deployment vulnerability

  • The Tomcat Manager is a tool for remotely deploying JSP web applications: an administrator only needs to upload a file in WAR format to publish it on the site. While that is convenient for developers deploying code, it also opens the door for an attacker to upload a trojan.
  • Vulnerability verification: visit the management address (by default /manager/html) and try weak or default passwords; if the login succeeds, the vulnerability is present.
  • Vulnerability hazards: upload of a trojan file leading to control of the server.
  • Fixes: 1) delete the management interface if it is not needed; 2) block access to this page from outside the network in the firewall, or restrict the file types that can be uploaded; 3) restrict access to this page in the middleware's own settings; 4) change the default account password; 5) upgrade to the latest version of Tomcat.
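The default-password check from the verification step can also be done from the inside, by auditing the accounts defined in Tomcat's `tomcat-users.xml` before an attacker tries them from the outside. This is an added example, not code from the article or from Tomcat: the sample file, the role set and the short list of default credential pairs are assumptions constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed tomcat-users.xml for the demonstration (not taken from the article).
# It follows the layout of the file Tomcat ships and contains two weak accounts.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="Vq7#mL2pWx9!sKd4" roles="manager-script"/>
  <user username="admin" password="admin" roles="admin-gui"/>
</tomcat-users>
"""

# Roles that grant access to the Manager (deploy WAR files) or Host Manager apps.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status",
                    "admin-gui", "admin-script"}

# Small list of well-known default pairs for the example; extend it with the
# credentials your own scanner or password cracker uses.
DEFAULT_CREDENTIALS = {("tomcat", "tomcat"), ("tomcat", "s3cret"), ("both", "tomcat"),
                       ("role1", "tomcat"), ("admin", "admin"), ("admin", ""),
                       ("manager", "manager")}

def audit_tomcat_users(xml_text):
    """Return (username, problem) pairs for privileged accounts with default or short passwords."""
    root = ET.fromstring(xml_text.encode() if isinstance(xml_text, str) else xml_text)
    ns = {"t": "http://tomcat.apache.org/xml"}
    findings = []
    # The file is namespaced in recent Tomcat versions and bare in old ones.
    for user in root.findall("t:user", ns) + root.findall("user"):
        name = user.get("username", "")
        password = user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        if not roles & PRIVILEGED_ROLES:
            continue
        if (name, password) in DEFAULT_CREDENTIALS:
            findings.append((name, "default credentials"))
        elif len(password) < 8:
            findings.append((name, "short password"))
    return findings
```

On the sample file the audit flags `tomcat` and `admin` for default credentials and passes `deploy`. Accounts without a manager role are ignored because they cannot deploy a WAR file, which is the hazard this section is about.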

3. Java deserialization vulnerability

  • Deserialization flaws in jar packages shipped by some Java containers (middleware) allow remote command execution. Affected containers include Jenkins, JBoss, WebLogic, WebSphere and others.
  • Verification: download a deserialization testing tool and test the container with it.
  • Fix: apply the vendor's patch for the affected container; the Tomcat container itself is not affected by this issue.

Origin blog.csdn.net/Isaacddx/article/details/85088676