{"id":264,"date":"2020-08-10T19:44:03","date_gmt":"2020-08-10T11:44:03","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=264"},"modified":"2024-02-17T20:35:31","modified_gmt":"2024-02-17T12:35:31","slug":"owasp-vulnerabilities","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/264","title":{"rendered":"OWASP Vulnerabilities"},"content":{"rendered":"\n<div class=\"wp-block-jetpack-markdown\"><h3>OWASP(Open Web Application Security Project)<\/h3>\n<p>\u4e3b\u8981\u8490\u96c6\u5404\u7a2e\u7db2\u9801\u5b89\u5168\u6f0f\u6d1e\uff0c\u4e26\u6b78\u7d0d\u51fa\u653b\u64ca\u5f31\u9ede\uff0c\u8cc7\u5b89\u554f\u984c\uff0c\u6392\u540d\uff0c\u9632\u7bc4\u63aa\u65bd\u7b49\u3002<\/p>\n<p>OWASP\u5e38\u63d0\u5230\u7684\u5f31\u9ede\u5305\u62ec\uff1a<\/p>\n<ul>\n<li>Injection<\/li>\n<li>XSS(Cross-Site Scripting)<\/li>\n<li>CSRF(Cross Site Request Forgery,\u8de8\u7ad9\u5192\u540d\u8acb\u6c42)<\/li>\n<li>XXE(XML External Entity Injection,XML\u5916\u90e8\u5be6\u9ad4\u6ce8\u5165)<\/li>\n<li>Insecure Deserialization(\u4e0d\u5b89\u5168\u7684\u53cd\u5e8f\u5217\u5316)<\/li>\n<li>Broken Authentication(\u7121\u6548\u7684\u8eab\u4efd\u8a8d\u8b49)<\/li>\n<li>Insecure Direct Object References(\u4e0d\u5b89\u5168\u7684\u7269\u4ef6\u53c3\u8003)<\/li>\n<li>Security Misconfiguration (\u4e0d\u7576\u7684\u5b89\u5168\u7d44\u614b\u8a2d\u5b9a)<\/li>\n<li>Sensitive Data Exposure (\u654f\u611f\u8cc7\u6599\u66b4\u9732)<\/li>\n<li>Using Components with Known Vulnerabilities(\u4f7f\u7528\u5df2\u77e5\u6f0f\u6d1e\u5143\u4ef6)<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<hr>\n<h3>Injection<\/h3>\n<p>\u5404\u7a2e\u6ce8\u5165\u653b\u64ca\uff0c\u5305\u62ecSQL injection , NoSQL injection, OS command injection, LDAP injection\u7b49<br>\n\u4e3b\u8981\u767c\u751f\u5728\u60e1\u610f\u8cc7\u6599\u8f38\u5165\u6642\uff0c\u6c92\u6709\u505a\u597d\u8cc7\u6599\u7684\u6aa2\u67e5\uff0c\u6240\u9020\u6210\u7684\u5f31\u9ede\u98a8\u96aa<\/p>\n<h4>command injection flaws<\/h4>\n<p>relay the malicious code through a web application to another system<br>\n\u624b\u6cd5\u540c SQL Injection\uff0c\u4f46\u900f\u904e\u547d\uf9a8\uf99c\u4e4b\u57f7\ufa08(\u5982 cmd.asp)\uff0c\u6700\u7d42\u53ef\u53d6\u5f97\u4e3b\u6a5f\u7ba1\uf9e4\u6b0a\u9650<br>\n\u56e0\u7ba1\uf9e4\u6b0a\u9650\u55aa\u5931\uff0c\u99ed\u5ba2\u53ef\u7d93\u7531\u6b64\u53d7\u99ed\u4e3b\u6a5f\u5411\u5167\u90e8\u5176\u9918\u7cfb\u7d71\u9032\ufa08\u653b\u64ca\u8207\u8cc7\uf9be\u7aca\u53d6<\/p>\n<h4>countermeasures<\/h4>\n<ol>\n<li>use language-specific libraries that avoid problems due to shell commands<\/li>\n<li>validate the data provided to prevent any malicious content<\/li>\n<li>structure requests so that all supplied parameters are treated as data,rather than potentialy executable content<\/li>\n<li>j2ee environments allow the use of the java sandbox,which can prevent the execution of system commands<\/li>\n<\/ol>\n<p>\u00a0<\/p>\n<hr>\n<h3>XXE<\/h3>\n<p>\u4ee5XML\u70ba\u57fa\u790e\u7684\u7db2\u8def\u61c9\u7528\u7a0b\u5f0f\u6c92\u6709\u505a\u597d\u7ba1\u63a7\u6b0a\u9650\uff0c\u76f4\u63a5\u8b80\u53d6\u5916\u90e8\u8cc7\u6e90\u63d0\u4f9b\u7684 XML \u6a94\u6848\u3002<\/p>\n<p>\u653b\u64ca\u8005\u63d0\u4f9b\u60e1\u610fXML\u6a94\u6848\u8b93\u7cfb\u7d71\u8b80\u53d6\uff0c\u5c31\u6709\u53ef\u4ee5\u9032\u884c\u6587\u4ef6\u7684\u5171\u4eab\u3001\u76e3\u807d\u5167\u90e8\u7db2\u8def\u3001\u57f7\u884c\u9060\u7aef\u7a0b\u5f0f\uff0c\u9032\u800c\u5c0e\u81f4\u8cc7\u6599\u5916\u6d29\uff0c\u6216\u7cfb\u7d71\u88ab\u99ed\u5ba2\u63a5\u7ba1\u3002<\/p>\n<p>\u00a0<\/p>\n<hr>\n<h3>Insecure Deserialization<\/h3>\n<p>\u99ed\u5ba2\u5c07\u653b\u64ca\u5b57\u4e32\u6ce8\u5165\u5e8f\u5217\u5316\u7684\u7d50\u69cb\u4e2d\uff0c\u4f7f\u5f97\u7db2\u7ad9\u4f3a\u670d\u5668\u89e3\u6790\u5f8c\u51fa\u73fe\u975e\u9810\u671f\u7684\u7d50\u679c\uff0c\u4e26\u57f7\u884c\u99ed\u5ba2\u8f38\u5165\u7684\u6307\u4ee4<\/p>\n<p>\u00a0<\/p>\n<hr>\n<h3>Broken Authentication<\/h3>\n<p>\u5e38\u767c\u751f\u5728\u8106\u5f31\u7684\u5e33\u6236\u8a8d\u8b49\uff0c\u6216\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u7ba1\u7406\u6a5f\u5236<br>\nex: \u767b\u5165\u672a\u52a0\u5bc6,Session\u7121\u63a7\u7ba1,Cookie\u7121\u4fdd\u8b77,\u2026\u7b49<\/p>\n<p>\u6b64\u554f\u984c\u6703\u9020\u6210\u5e33\u865f\u8eab\u5206\u76dc\u7528\uff0c\u6216\u8eab\u5206\u8a8d\u8b49\u6a5f\u5236\u7121\u6548\u5316\uff0c\u8b93\u653b\u64ca\u8005\u53ef\u5728\u4f3a\u670d\u5668\u505a\u5404\u7a2e\u65b0\u589e\u4fee\u6539\u522a\u9664\u67e5\u8a62\uff0c\u4e26\u63a7\u5236\u6574\u500b\u4e3b\u6a5f\u7b49\u3002<\/p>\n<p>\u00a0<\/p>\n<hr>\n<h3>Insecure Direct Object References<\/h3>\n<p>\u7db2\u7ad9\u76f4\u63a5\u900f\u904euser\u7684\u8f38\u5165\u4f86\u5b58\u53d6\u8cc7\u6e90,\u9019\u53ef\u8b93\u653b\u64ca\u8005\u4efb\u610f\u7684\u5b58\u53d6\u91cd\u8981\u6a94\u6848<\/p>\n<pre><code>ex:\n\u7a0b\u5f0f\u78bc\u6709\u4e00\u6bb5\u76f4\u63a5\u5beb\u5165\u5230\u6a94\u6848\n...omit\u2026\necho writefile($_GET['file']);\n...omit...\n\n\u6b63\u5e38\u7684\u60c5\u6cc1\u4e0b\nhttp:\/\/xxxxx\/report.php?file=2014report.txt\n\u5beb\u5165\u52302014report.txt\u9019\u500b\u6a94\u6848\n\n\u4f46\u60e1\u610f\u7684\u4f7f\u7528\u6703\u8b8a\u6210\u5982\u4e0b\nhttp:\/\/xxxxx\/report.php?file=index.html\n\u5beb\u5165\u5230index.html\u628a\u9996\u9801\u8986\u84cb?\n<\/code><\/pre>\n<p>\u00a0<\/p>\n<hr>\n<h3>Security Misconfiguration<\/h3>\n<p>\u7db2\u7ad9\u5b89\u5168\u6c92\u6709\u8a2d\u5b9a\u597d<br>\n\u5e38\u898b\u7684\u554f\u984c\u6709\u4ee5\u4e0b\u5e7e\u7a2e\uff1a<\/p>\n<h4>default password<\/h4>\n<p>\u9810\u8a2d\u5e33\u5bc6\u6c92\u6709\u522a\u9664\u6216\u66f4\u6539\uff0c\u653b\u64ca\u8005\u53ef\u900f\u904e\u5617\u8a66\u4e0d\u540c\u9810\u8a2d\u5e33\u5bc6\u7684\u65b9\u5f0f\u76f4\u63a5\u5165\u4fb5<\/p>\n<h4>directory traversal\/forceful browsing<\/h4>\n<p>\u672a\u95dc\u9589Directory listing\u529f\u80fd\u6216\u700f\u89bd\u6b0a\u9650\u6c92\u8a2d\u597d<br>\n\u653b\u64ca\u8005\u53ef\u627e\u51fa\u6240\u6709\u7db2\u7ad9\u4e0a\u7684\u6a94\u6848\uff0c\u6216\u5f97\u5230\u4f60\u7684\u539f\u59cb\u78bc<br>\ncountermeasure:\u8a2d\u5b9a\u5b58\u53d6\u6b0a\u9650,\u4fee\u88dc\u6f0f\u6d1e<\/p>\n<h4>error message interception<\/h4>\n<p>\u932f\u8aa4\u8a0a\u606f\u76f4\u63a5\u56de\u50b3\u5728\u4f7f\u7528\u8005\u9801\u9762\u4e0a\uff0c\u4f7f\u653b\u64ca\u8005\u5f97\u5230\u984d\u5916\u7684\u8cc7\u8a0a<br>\n\u900f\u904e\u700f\u89bd\u5668\u932f\u8aa4\u7684\u56de\u50b3\u503c\uff0c\u53ef\u5f97\u77e5\u7cfb\u7d71\u7684\u67b6\u69cb\u8207\u7248\u672c\u7b49\u8cc7\u8a0a\uff0c\u85c9\u4ee5\u8490\u96c6\u76f8\u95dc\u5f31\u9ede\u8cc7\u8a0a<\/p>\n<p>\u00a0<\/p>\n<hr>\n<h3>Using Components with Known Vulnerabilities<\/h3>\n<p>\u7db2\u7ad9\u4f7f\u7528\u6709\u554f\u984c\u7684\u7b2c\u4e09\u65b9\u7684\u5143\u4ef6\u6216\u51fd\u5f0f\u5eab<br>\n\u6709\u8a31\u591a\u5957\u4ef6\u7684\u7bc4\u4f8b\u7a0b\u5f0f\u6709\u6f0f\u6d1e\uff0c\u82e5\u6c92\u522a\u9664\u9019\u4e9b\u7bc4\u4f8b\u7a0b\u5f0f\uff0c\u653b\u64ca\u8005\u53ef\u900f\u904e\u7bc4\u4f8b\u7a0b\u5f0f\u7684\u6f0f\u6d1e\u5165\u4fb5<br>\ncountermeasures:\u96a8\u6642\u95dc\u5fc3third-party module\u7684\u6700\u65b0\u7248\u672c\u4e26\u6642\u5e38\u66f4\u65b0<\/p>\n<p>\u00a0<\/p>\n<hr>\n<h3>Sensitive Data Exposure<\/h3>\n<p>\u5e38\u898b\u7684\u6709\u4ee5\u4e0b<\/p>\n<h4>\u654f\u611f\u8cc7\u6599\u672a\u52a0\u5bc6\u5c31\u5132\u5b58<\/h4>\n<p>\u82e5\u7db2\u7ad9\u7684\u8cc7\u6599\u5eab\u88ab\u5165\u4fb5\u6642\uff0c\u5c07\u6703\u76f4\u63a5\u6d29\u6f0f\u51fa\u6bcf\u500b\u4eba\u7684\u654f\u611f\u8cc7\u6599\uff0c\u50cf\u5e33\u5bc6\u2026\u7b49<br>\ncountermeasures: \u5bc6\u78bc\u9808\u4f7f\u7528\u4e0d\u53ef\u9006\u7684\u6f14\u7b97\u6cd5\u52a0\u5bc6\u5f8c\u518d\u5b58\u5728\u8cc7\u6599\u5eab<\/p>\n<h4>cryptographic interception<\/h4>\n<p>\u7db2\u7ad9\u5728\u8207\u4f7f\u7528\u8005\u50b3\u8f38\u654f\u611f\u8cc7\u6599\u6642\u672a\u4f7f\u7528SSL\u52a0\u5bc6\u9023\u7dda\uff0c\u5c0e\u81f4\u50b3\u8f38\u6709\u53ef\u80fd\u88ab\u6514\u622a\u7aca\u807d\u9020\u6210\u4f7f\u7528\u8005\u7684\u5e33\u5bc6\u88ab\u76dc\u7528<br>\n\u96d6\u4f7f\u7528\u8907\u96dc\u7684 SSL \u52a0\u5bc6\uff0c\u4f46\u99ed\u5ba2\u53ef\u900f\u904e\u6a94\u6848\u66ab\u5b58\u6642\u7684\u758f\u5ffd\u53d6\u5f97\u672a\u53d7\u4fdd\u8b77\u7684\u6191\u8b49\u8cc7\u8a0a<br>\n\u5ba2\u6236\u5e33\u865f\u3001\u5bc6\u78bc\u8207\u4fe1\u7528\u5361\u7b49\u6a5f\u5bc6\u5916\u6d29\uff0c\u4e26\u53ef\u8a08\u7b97\u51fa\u52a0\u5bc6\u65b9\u5f0f\uff0c\u7aca\u53d6\uf901\u591a\u8cc7\u8a0a<br>\ncountermeasures:\u4f7f\u7528SSL\u5b89\u5168\u9023\u7dda\u4f86\u50b3\u8f38<\/p>\n<p>\u00a0<\/p>\n<p>refer<br>\nhttps:\/\/owasp.org\/www-project-top-ten\/<br>\nhttps:\/\/secbuzzer.co\/post\/116<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[39],"tags":[],"class_list":["post-264","post","type-post","status-publish","format-standard","hentry","category-concept"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=264"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/264\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}