首页 > Web开发 > 详细

Ethical Hacking - Web Penetration Testing(7)

时间:2020-02-08 14:07:14      阅读:75      评论:0      收藏:0      [点我收藏+]

VULNS MITIGATION

1. File Upload Vulns - Only allow safe files to be updated.

2. Code Execution Vulns:

  • Don‘t use dangerous functions.
  • Filter use input before execution.

3. File inclusion:

  • Disable allow_url_fopen & allow_url_include.

技术分享图片

  • Use static file inclusion.

Suggest using Hard Code Style, not using any variables, which is much more secure.

index.php?page=news.php

index.php
code:
include($_GET(‘page‘));

index.php
code:
include(‘page.php‘);

 

Ethical Hacking - Web Penetration Testing(7)

原文:https://www.cnblogs.com/keepmoving1113/p/12276021.html

(0)
(0)
   
举报
评论 一句话评论(0
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!