Shulou(Shulou.com)05/31 Report--

This article mainly shows you the "website vulnerability repair upload webshell loophole repair example analysis", the content is easy to understand, well-organized, hope to help you solve your doubts, the following let the editor lead you to study and learn the "website vulnerability repair upload webshell vulnerability patching example analysis" this article.

SINE security in a customer's website vulnerability detection and repair found that there are serious sql injection vulnerabilities and upload webshell website Trojan vulnerabilities, the site uses a CMS system, using PHP language development, mysql database architecture, the site source is currently open source state.

A certain CMS is a social CMS system that focuses on providing paid knowledge. Knowledge payment has a high demand in the current Internet. The system can share documents and download for a fee. The knowledge content published by users can be hidden and provided to paying customers to read. The code is concise and popular with webmasters. The site loophole mainly occurs when uploading compressed packages, constructing malicious decompression code to extract the webshell in the zip package to a specified directory, resulting in vulnerabilities. There are also sql injection vulnerabilities in the CMS, which we will break down one by one.

Details and fixes of SQL injection vulnerabilities

Check the code database configuration file of the website and see that the connection function of the database uses pdo mode. After carefully tracking the code, you can see that some special symbols are also used for escape operations. Some sql injection codes do not have comprehensive security filtering for alignment, resulting in sql injection attacks. The code screenshot is as follows:

The above code uses the select query function. We focus on his cond function. Through a detailed look at the code, we determine that this function is used to dock the value written by the front-end user. When the current end user submits malicious code, it will be passed into the value of id. Let's splice the SQL statement, carry out variable coverage operation on the value of id, and cooperate with IN,like and other sql statements to attack the database. Check the account password of the database and modify the database.

Fix sql injection vulnerabilities and filter illegal character input in GET requests as well as POST requests.' Semicolon filtering-security filtering of% 20 special character filtering, single quotation mark filtering,% percent sign, and filtering, tab key values, etc. Enable php magic to prevent some illegal parameters from being transmitted and constructed.

Webshell loophole for website upload

The website is open and free to register users, and it is also an ordinary user. During a comprehensive security inspection of its upload function, it is found that there is a loophole in uploading zip compressed packages. Uploading files such as doc needs to be audited, but zip is directly written to the database. We can view the database through the sql injection vulnerabilities found above, and we can see the file address of zip.

How to upload webshell? we query the administrator account password of the backend of the website through the sql injection vulnerability, log in to the backend of the website, and there are no loopholes in the backstage functions. However, in viewing the source code, we find that there is a functional code that can decompress the zip file, which can be decompressed without using user rights. Then we will construct parameters to directly access the decompressed code file, and post requests the past. By extracting our zip file directly into the current file, we can upload our webshell Trojan horse.

On the repair of website upload vulnerabilities, it is recommended that the administrator turn off the decompression function, or determine the authority of the extracted files, whether the administrator user has the decompression function, or the ordinary member permission has the authority to extract the document, the reasonable security allocation of permissions, and then a non-scripting permission setting for the uploaded directory to prevent the operation of the back door of the webshell Trojan. If you are not familiar with website vulnerability repair, it is recommended to find a professional website security company to help you fix website loopholes. Domestic security companies such as Sinesafe and Green Alliance, Qimingxing are more professional.

The above is all the contents of this article entitled "sample Analysis of webshell vulnerability repair on website vulnerability repair". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.