Web APP vulnerabilities
Published 2020-08-14, last modified 2024-02-17. Canonical link: https://systw.net/note/archives/397

Threats that web application vulnerabilities can lead to
defacing websites
stealing credit card information
exploiting server-side scripting
exploiting buffer overflows
DNS attacks
DoS/DDoS attacks
deploying malicious code

Where vulnerabilities sit in the web attack process
1 scanning
2 information gathering
3 testing vulnerabilities (the step this page covers)
4 planning the attack
5 launching the attack

...

Vulnerabilities include
- OWASP Top 10 vulnerabilities (https://systw.net/note/af/sblog/more.php?id=363)
- cookie/session poisoning
- parameter/form tampering
- buffer overflow
- directory traversal/forceful browsing
- cryptographic interception
- cookie snooping
- authentication hijacking
- log tampering
- attack obfuscation
- web services attacks

...

cookie/session poisoning
Allows an attacker to inject malicious content, modify the user's online experience, and obtain unauthorized information.
Attackers modify values stored in the cookie or session and thereby obtain other users' privileges or confidential data.
Impact: customer confidential data leaks, passwords get altered, and the attacker can carry out further attacks through the higher-privileged account.

countermeasures
1. encrypt the cookie (encryption alone does not stop tampering; the server also needs an integrity check such as a MAC, or should keep only an opaque session identifier in the cookie)
2. implement cookie timeouts
3. bind the cookie to the client IP (note that this breaks for users behind NAT or on mobile networks, so a signed, short-lived session token is the more common control)

...

cookie snooping
Because cookies are often stored on the client with only trivial "encryption", an attacker can undo it and read personal confidential information.
Impact: personal information is stolen, user privileges are deleted or changed at will, and illegitimate transactions are made.
Note: ordinary cookie encoding is not encryption. Base64 or rot13 is typical, and decoding it back is trivial.

countermeasures
1. encrypt the cookie
2. bind the cookie to the client IP
3. use SSL/TLS (and set the Secure and HttpOnly attributes so the cookie is neither sent in clear text nor readable from script)

...

parameter/form tampering
A simple attack aimed directly at the application's business logic.
It takes advantage of hidden form fields that serve as the only security measure in some applications.
Attackers change the values submitted as URL parameters or form fields and obtain information through a path the application did not intend.
Impact: customer confidential data leaks, passwords get altered, and the attacker can take over higher-privileged user accounts.
countermeasures
field validity checking (validate every field server-side against what the server already knows; never trust hidden fields for prices, identifiers or roles)

...
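The cookie/session poisoning, cookie snooping and parameter/form tampering sections above all come down to one rule: anything stored on the client can be read and rewritten by the client. The following Python block is an added example, not code from the original post or from any framework; the cookie layout, the CATALOG price list, the key and the function names (legacy_cookie, make_session_cookie, forge_signed_cookie, price_from_form_secure and so on) are illustrative assumptions. It shows a base64 cookie being snooped and poisoned, an HMAC-tagged cookie rejecting the same forgery, and a hidden-field price being recomputed from server-side data instead of trusted.

```python
# Added example (not from the original post): client-side state is under the
# attacker's control. The cookie format, the form fields and all names below
# are illustrative assumptions, not any framework's API.
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-server-key"  # load from a secret store in real deployments
CATALOG = {"sku-100": 4999}             # constructed server-side price list, in cents


def legacy_cookie(session: dict) -> str:
    """The pattern the post warns about: base64 is encoding, not encryption."""
    return base64.b64encode(json.dumps(session, sort_keys=True).encode()).decode()


def decode_legacy_cookie(cookie: str) -> dict:
    """Cookie snooping: anyone holding the cookie can read every field."""
    return json.loads(base64.b64decode(cookie))


def poison_legacy_cookie(cookie: str, **changes) -> str:
    """Cookie poisoning: decode, change a field (e.g. role), re-encode.
    Nothing on the server can tell this cookie from a genuine one."""
    session = decode_legacy_cookie(cookie)
    session.update(changes)
    return legacy_cookie(session)


def make_session_cookie(session: dict, key: bytes = SERVER_KEY) -> str:
    """Countermeasure: HMAC-tag the body so any modification is detectable.
    The body stays readable (this is integrity, not secrecy): send it only
    over TLS with the Secure and HttpOnly attributes, and encrypt it if it
    must hold anything confidential."""
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def parse_session_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the session dict, or None if the cookie is malformed or altered."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):  # constant-time
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def forge_signed_cookie(cookie: str, **changes) -> str:
    """Attacker edits the body of a signed cookie but has no key for a new tag."""
    body, _, tag = cookie.rpartition(".")
    session = json.loads(base64.urlsafe_b64decode(body))
    session.update(changes)
    new_body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode()).decode()
    return f"{new_body}.{tag}"


def validate_form(form: dict) -> bool:
    """Field validity checking: only a known sku and a bounded quantity are
    accepted from the client; the price is never read from the request."""
    try:
        qty = int(form["qty"])
    except (KeyError, ValueError):
        return False
    return form.get("sku") in CATALOG and 1 <= qty <= 10


def price_from_form_insecure(form: dict) -> int:
    """Parameter/form tampering: the total is built from a hidden 'price'
    field that the client can simply set to 1."""
    return int(form["price"]) * int(form["qty"])


def price_from_form_secure(form: dict) -> int:
    """Recompute the total from server-side data after validation."""
    if not validate_form(form):
        raise ValueError("invalid form parameters")
    return CATALOG[form["sku"]] * int(form["qty"])


if __name__ == "__main__":
    victim = {"role": "user", "user": "alice"}
    print(decode_legacy_cookie(poison_legacy_cookie(legacy_cookie(victim), role="admin")))
    print(parse_session_cookie(forge_signed_cookie(make_session_cookie(victim), role="admin")))
    print(price_from_form_insecure({"sku": "sku-100", "price": "1", "qty": "3"}))
    print(price_from_form_secure({"sku": "sku-100", "price": "1", "qty": "3"}))
```

The HMAC tag only guarantees integrity; the body is still readable, so either encrypt it or keep nothing but an opaque session identifier in the cookie, and rely on TLS plus the Secure, HttpOnly and SameSite attributes for the transport-level snooping the post describes.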
authentication hijacking
Attackers exploit insecure credential management to obtain a legitimate user's privileges.
Impact: user privileges are stolen, user information or passwords are changed or deleted at will, and the attacker obtains services illegitimately.

countermeasures
1. use a secure channel
2. use SSL/TLS

...

buffer overflow
Corrupts the execution stack of a web application (or of the native components and servers behind it).
A coding oversight in the application produces a buffer overflow, which at the same time lets the attacker execute arbitrary code.
Impact: the attacker can obtain the highest administrative privileges directly on the host, plant spyware, and spread the attack further.

countermeasures
1. validate input length in forms
2. use StackGuard or StackShield (today the equivalent is the compiler's stack protector, e.g. -fstack-protector, together with NX and ASLR)

...

attack obfuscation
The original attack is transformed with URL encoding, Unicode or UTF-8 encoding, split into chunks, or otherwise altered to change its signature so that it is not detected.
Attackers send disguised attack code to the application in order to carry out all kinds of attacks.
Impact: spyware can be planted on the system to send back confidential information, and other hosts are attacked through the internal network.

countermeasures
thoroughly inspect all traffic
block or decode Unicode, UTF-8 and URL encoding before signature matching, so that obfuscated attacks can be detected
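What "translate Unicode, UTF-8 and URL encoding to detect attacks" means in practice is canonicalising the request before matching it. The following Python block is an added example, not code from the original post or from any WAF; the SIGNATURES list, the three-round decode bound and the sample requests in the test are constructed for illustration. It compares a naive filter that matches raw input with one that first undoes Unicode compatibility forms (fullwidth characters), IIS-style %uXXXX escapes and repeated percent-encoding, and it flags byte sequences that are not valid UTF-8 (such as the overlong %c0%ae for "."), which a filter should reject outright rather than try to interpret.

```python
# Added example (not from the original post): signature matching on raw
# request data misses encoded payloads; canonicalise first, then match.
# The signature list and decode bound are constructed for illustration.
import re
import unicodedata
from urllib.parse import unquote

SIGNATURES = [
    r"\.\./",                 # directory traversal
    r"<script",               # XSS probe
    r"(?i)union\s+select",    # SQL injection probe
]
MAX_DECODE_ROUNDS = 3  # handles double/triple encoding without looping forever


def canonicalize(value: str) -> str:
    """Strip the layers attackers add to change a payload's appearance:
    Unicode compatibility forms (fullwidth '<' -> '<'), IIS-style %uXXXX
    escapes, repeated percent-encoding, and backslash as path separator."""
    current = value
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unicodedata.normalize("NFKC", current)
        decoded = re.sub(r"%u([0-9a-fA-F]{4})",
                         lambda m: chr(int(m.group(1), 16)), decoded)
        decoded = unquote(decoded, errors="replace")  # invalid UTF-8 -> U+FFFD
        if decoded == current:  # nothing left to undo
            break
        current = decoded
    return current.replace("\\", "/")


def matches_signature(value: str) -> bool:
    return any(re.search(sig, value) for sig in SIGNATURES)


def detect(raw: str) -> dict:
    """Compare a naive filter with the canonicalising one. 'malformed' is set
    when the input contained bytes that are not valid UTF-8, e.g. overlong
    sequences, which should be rejected rather than interpreted."""
    canonical = canonicalize(raw)
    return {
        "naive": matches_signature(raw),
        "canonical": matches_signature(canonical),
        "malformed": "\ufffd" in canonical,
    }


if __name__ == "__main__":
    for sample in ["../../etc/passwd", "%252e%252e%252fetc/passwd",
                   "%u003cscript%u003e", "..%5c..%5cwindows", "%c0%ae%c0%ae/"]:
        print(sample, detect(sample))
```

The decode loop is bounded on purpose: an unbounded "decode until stable" loop is itself a denial-of-service vector, and anything that still contains percent escapes after the bound is better treated as suspicious than decoded further.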
...

log tampering
Attackers alter connection records to make the system automatically delete or change the traces of the intrusion.
Impact: with the records altered, the administrator cannot look up or trace the attacker's actions, let alone collect evidence.

After an attack, the attacker modifies or deletes the logs, or floods them with large amounts of data so that the administrator can no longer analyse them normally.

countermeasure
use digital signatures (sign or MAC each log record and ship the records off the host, so that a compromised web server cannot rewrite them)

...

web services attacks
Attackers exploit known vulnerabilities in various services to obtain administrative privileges or change data.
Impact: the attacker gains administrative privileges or plants malicious programs, steals local information, and attacks the other application servers.

countermeasures
shut down unnecessary services

......

Vulnerability testing tool: Burp Suite
features:
  bundles several web security tools
  can find every link within a site
  has a website vulnerability scanner
  includes website attack functions
  can intercept HTTP requests and modify them
common components:
  Burp Intruder: positioning payloads
  Burp Proxy: intercepting HTTP/S traffic; its history also shows which hosts the browser has visited
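For the log tampering countermeasure above ("use digital signatures"), the following Python block is an added example, not code from the original post or from any logging product. It seals access-log lines with a keyed hash chain: each record's HMAC covers its own content and the previous record's tag, so editing, deleting or reordering any record breaks verification from that point on, and storing the last tag off-host makes truncation detectable too. The key, the " | <tag>" record layout, the function names (seal, verify, last_tag) and the sample log lines are constructed for illustration.

```python
# Added example (not from the original post): a tamper-evident web log built
# from a keyed hash chain. Key, record layout and sample lines are constructed.
import hashlib
import hmac

LOG_KEY = b"constructed-log-signing-key"  # held by the log collector, not the web server
GENESIS = "0" * 64                        # tag "before" the first record

SAMPLE_LINES = [  # constructed access-log lines
    '10.0.0.5 - - [14/Aug/2020:19:53:00 +0800] "GET /login HTTP/1.1" 200',
    '10.0.0.5 - - [14/Aug/2020:19:53:04 +0800] "POST /login HTTP/1.1" 302',
    '10.0.0.5 - - [14/Aug/2020:19:53:09 +0800] "GET /export?f=../../etc/passwd HTTP/1.1" 403',
]


def chain_tag(prev_tag: str, line: str, key: bytes) -> str:
    """HMAC over the previous tag and this line: the link in the chain."""
    return hmac.new(key, f"{prev_tag}\n{line}".encode(), hashlib.sha256).hexdigest()


def seal(lines, key: bytes = LOG_KEY):
    """Append ' | <tag>' to each line, chaining from GENESIS."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = chain_tag(prev, line, key)
        sealed.append(f"{line} | {prev}")
    return sealed


def last_tag(sealed) -> str:
    """The collector stores this off-host so that truncation is detectable."""
    return sealed[-1].rpartition(" | ")[2] if sealed else GENESIS


def verify(sealed, key: bytes = LOG_KEY, expected_last=None):
    """Return (ok, index). index is the first record that fails; it equals
    len(sealed) when the chain is intact but ends before the recorded last
    tag (truncation); it is None when everything checks out."""
    prev = GENESIS
    for i, record in enumerate(sealed):
        line, sep, tag = record.rpartition(" | ")
        if not sep:
            return False, i
        expected = chain_tag(prev, line, key)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False, i
        prev = tag
    if expected_last is not None and not hmac.compare_digest(prev.encode(), expected_last.encode()):
        return False, len(sealed)
    return True, None


if __name__ == "__main__":
    sealed = seal(SAMPLE_LINES)
    print(verify(sealed))                                   # intact
    edited = [r.replace('" 403 |', '" 200 |') for r in sealed]
    print(verify(edited))                                   # edited record 2
    print(verify(sealed[:1] + sealed[2:]))                  # record 1 deleted
    print(verify(sealed[:2], expected_last=last_tag(sealed)))  # truncated
```

Signing does nothing against the flooding variant the post mentions; that needs rate limiting and shipping logs to a separate collector so the attacker cannot exhaust the disk or hide inside the noise.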

Other testing tools
instant source: tool for editing web page code in place
wget: efficient for fetching and checking many pages at once
websleuth: inspects web page structure
blackwidow: crawls a site and analyses its structure
sitescope: monitors current network conditions
wsdigger: web services testing; probes for SQL injection and XSS
cookiedigger: compares cookies across sessions to judge how predictable they are
ssl digger: analyses SSL cipher strength
windowbomb: hacking tool; a "window bomb" that opens windows until the browser is exhausted
curl: hacking tool; a multi-protocol transfer library and command-line client

Related protection and scanning tools provided by OWASP
webgoat: deliberately vulnerable application for learning web vulnerabilities
webscarab: intercepts and captures traffic; useful for learning
zap (Zed Attack Proxy): scanner, intercepting proxy, spider, etc.; similar to Paros Proxy

Other protection and scanning tools
paros proxy: intercepts and modifies web page content
dotdefender: web application firewall
acunetix web scanner: web vulnerability scanner
appscan: web application scanner, made by IBM
accessdiver: testing tool
falcove web vulnerability scanner
netbrute: scans multiple hosts, SMB
emsa web monitor: shows web connection status
keepni: monitors the current status of a page
watchfire appscan: made by IBM
webwatchbot: monitoring tool
ratproxy: passive audit tool
mapper

refer
http://mmdays.com/2013/12/11/owasp_top_10/
Course handout: "Facing the trend of enterprise Web-ification: how to reap its benefits and avoid its harms"