Ethical Hacking - Web Penetration Testing(7)

VULNS MITIGATION

1. File Upload Vulns - Only allow safe files to be updated.

2. Code Execution Vulns:

• Don‘t use dangerous functions.
• Filter use input before execution.

3. File inclusion:

• Disable allow_url_fopen & allow_url_include.

• Use static file inclusion.

Suggest using Hard Code Style, not using any variables, which is much more secure.

index.php?page=news.php

index.php
code:
include($_GET(‘page‘));

index.php
code:
include(‘page.php‘);

Ethical Hacking - Web Penetration Testing(7)

原文：https://www.cnblogs.com/keepmoving1113/p/12276021.html