2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
A summary of several common web vulnerabilities
1. SQL injection
2. XSS cross-site scripting
3. Buffer overflow
4. Cookies modification
5. Upload vulnerability
6. Command line injection
1 SQL vulnerability
SQL injection attacks are one of the common methods attackers use to attack databases. With the growth of application development based on the B/S (browser/server) pattern, more and more programmers use this pattern to write applications. However, because programmers' skill and experience vary widely, a considerable number of them do not check the legitimacy of user input when writing code, which leaves the application with security risks. A user can submit a piece of database query code and, based on the results the program returns, obtain data they want to know. This is the so-called SQL Injection.
2 XSS cross-site vulnerability
XSS is a computer security vulnerability that often appears in web applications. It allows malicious web users to implant code into pages served to other users; this code can include HTML and client-side script. Attackers take advantage of XSS vulnerabilities to bypass access controls such as the same-origin policy. This type of vulnerability has become well known because it has been used to write more harmful phishing attacks. For cross-site scripting, the consensus is that cross-site scripting attacks are a new type of "buffer overflow attack", while JavaScript is a new type of "ShellCode".
3 Buffer overflow
A buffer overflow vulnerability refers to the overflow that occurs when a program tries to put data into a location in its memory that does not have enough space to hold it.
4 Cookies modification
Based on the above suggestion, even if the Cookie is stolen, attackers cannot take advantage of it, because the Cookie is randomly updated and its content follows no pattern. Another benefit of using timestamps is that they prevent Cookie tampering or replay.
Cookie theft: users' cookies are collected and sent to the attacker. The attacker then uses the cookie information to access user accounts by legitimate means.
Cookie tampering: exploiting a security mechanism, attackers add code to rewrite the Cookie content for persistence.
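The properties this section describes (random content, regular updates, and a timestamp against tampering and replay) can be combined as in the following added example, which is not part of the original article. The cookie layout, HMAC-SHA256, and the names SECRET_KEY, MAX_AGE, issue_cookie and verify_cookie are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to clients
MAX_AGE = 900                         # assumption: cookie lifetime in seconds
_current_nonce = {}                   # session id -> nonce of the only cookie still valid


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(session_id, now=None):
    """Build 'session|nonce|timestamp|mac'; session ids must not contain '|'."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)     # random value, so the content has no pattern
    _current_nonce[session_id] = nonce
    payload = f"{session_id}|{nonce}|{int(now)}"
    return f"{payload}|{_sign(payload)}"


def verify_cookie(cookie, now=None):
    """Return a freshly rotated cookie if this one is valid, otherwise None."""
    now = time.time() if now is None else now
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    session_id, nonce, issued, mac = parts
    payload = f"{session_id}|{nonce}|{issued}"
    # Tampering: any change to the session, nonce or timestamp breaks the MAC.
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        return None
    # The MAC passed, so 'issued' is a timestamp this server wrote.
    if not 0 <= now - int(issued) <= MAX_AGE:
        return None                   # too old: bounds the window for replay
    # Replay: a cookie that has already been rotated out is no longer accepted.
    expected = _current_nonce.get(session_id, "")
    if not hmac.compare_digest(nonce.encode(), expected.encode()):
        return None
    return issue_cookie(session_id, now)  # random update on every successful use
```

A stolen copy stops working as soon as the legitimate client's next request rotates the nonce, or when MAX_AGE elapses, whichever comes first.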
5 Upload vulnerability
This vulnerability was at its most rampant in the era of DVBBS6.0. Upload vulnerabilities can be used directly to obtain a WEBSHELL, so the level of damage is very high. Upload vulnerabilities are still common today.
The cause of this vulnerability is that the code author does not verify the data submitted by visitors, or does not filter it strictly, so modified data can be submitted directly to bypass verification of the file extension.
6 Command line injection
The so-called command line injection is a webshell. Once the permission is obtained, you can do whatever you want.
Here is a video tutorial on how to protect web applications, which comes with a defense script:
http://www.roncoo.com/details/b32a545a747440bd893f632427740604