Web Common Security vulnerabilities

1.XSS (cross_site scripting) Cross-site scripting attacks by adding malicious code to a Web page, when a visitor browses to a Web page, the malicious code is executed or a message is sent to the administrator to entice the administrator to browse, thereby gaining administrator privileges and controlling the entire site. 1, non-persistent type through GET, POST, Referer and other parameters are not processed directly output to the page execution. This type is the most common, and attackers use this type primarily to send a hidden link to a user via email, a very hot forum, or a targeted person, to trigger a hit by the victim. Eg:http://xxxxxxx "><script>alert (1) </script><s=" 2 ", persistent type is stored in the database by the attacker input malicious data, and then the server script program reads the data from the database. It is then displayed on a fixed page that is publicly displayed, so all users browsing the page will be attacked. This type of attack is very large and dangerous. Eg: Generally, some keywords of the very label to filter, such as script\javscript\onerror\expression and other keywords, but for IE reasons, used in style. The expression keyword inside the attribute, if changed into Expr/**/ession, can also be performed by feature 3, Dom type by JavaScript. Scripts are created dynamically, output to a page. This type is not easy to discover, has the hidden characteristic, must discover by hand. 4, browser vulnerabilities in a browser version of the vulnerability caused by browsing through the user browsing history, page interaction and other means, without processing, caused by. This vulnerability attack is very harmful, once the existence, the basic can achieve cross-domain operation, serious people can execute JavaScript with local permissions. Script to access the read local file. Eg:http://www.google.cn/search?q= ' "><script>alert (/xss/) </script>< '
2.CSRF (Cross_site request forgery) cross-station solicitation forgery (CSRF) is a kind of attack method that allows an attacker to send arbitrary HTTP requests through the victim. The victim referred to here is an unwitting accomplice, and all forgery requests are initiated by him, not by the attacker. In this way, it is difficult to determine which requests are part of a cross station request forgery attack. Eg: The following request: Get http://bank.com/transfer.do?acct=jim&amount=10000 http/1.1 can be forged: Http://bank.com/transfer.do? acct=mak&amount=100000 The purpose of the attack by enticing the user to click on a forged link. Precautionary approach: 0, use post instead of get to submit form, use $_post instead of $_request when processing form submission. 1. Using form forms to replace a label submission (adding token to the href parameter of a will pose a risk because the back page can get the full URL of the source page via Referer).

2, in a particularly important location using HTTPS for data transmission.

3.sqlInjection SQL injection attacks include inserting or "injecting" SQL queries through input data from the client's application. A successful SQL injection attack can read sensitive data from the database, modify the database data (insert/update/delete), execute the Administration business database (such as shutting down the database management system), reclaim the content, a given file of the existing database management System file system, in some cases, The operating system that issued the command. Vulnerability Formation reason: 1. Use string joins in your application to combine SQL directives. 2. Use an account that is too large when the application links to the database (for example, many developers prefer to connect to the Microsoft SQL Server database with the SA (the built-in highest-privileged system administrator account). 3. Unnecessary but powerful features are open in the database (for example, xp_cmdshell extensions stored in a Microsoft SQL Server database, or OLE Automation stored procedures, etc.) 4). Too trusting the data entered by the user, not restricting the number of characters entered, and checking for potential instructions for data not entered by the user. Attack Mode: Value: or 1=1 or 1=2 string: ' or ' 1 ' = ' 1 ' or ' 1 ' = ' 2 possible damage: 1. The data in the data table, such as personal confidential data, account data, password and so on. 2. Data structures are exploited by hackers to make further attacks (for example, select * from Sys.tables). 3. The database server is attacked and the system administrator account is tampered with (for example, alter LOGIN SA with password= ' xxxxxx '). 4. After obtaining a high level of system privileges, it is possible to add malicious links and XSS to the Web page. 5. Operating system support provided by the database server allows hackers to modify or control the operating system (for example, xp_cmdshell "net stop IISAdmin" can stop the server's IIS service). 6. Destroys the hard drive data and paralyzes the whole system (e.g. xp_cmdshell "FORMAT C:").
Prevention Method 1). When you design your application, you are using parameterized queries (parameterized query) to design data access features entirely. 2. When composing a SQL string, replace the passed-in parameter with a character (replace the single quote character with a continuous 2 single quote character).
4.Ajax security to be perfected ... 5.Javascript. Security to be perfected ... 6.Access control to be perfected ... 7.Flash security to be perfected ... 8.RSS security 9.Brute Force attack to be perfected ... 10.Local File iclusion to be perfected ... 11.Remote File iclusion to be perfected ... 12.File Upload Common mode of attack: 1 code does not make any restrictions, direct upload of malicious file 2 code when checking the type of file, bypassing file type restrictions eg: Modifying the Content-type:text/plain field in post packets Content-type:image/gif 3 Code checks the contents of the file, bypassing the contents check eg: making a fully valid image file containing some malicious code 4 the code checks the file extension to circumvent the file name extension guard: 1, using PHP The getimagesize () function validates the picture type. 2, to verify the extension of uploaded files, white list, blacklist, preferably using the white list. 3, when users upload files to the server to save, must use random file names (such as MD5 (Time + formerly)) for storage, and to ensure that the stored extension is valid. To ensure the conflict of file names, but also to ensure the security of storage, to prevent the upload file illegal extension to resolve. 4, the search file can not be saved on the Web server, put to the specified server.
13.URL redirection URL Jump Vulnerability (URL redirection attacks), refers to a remote attacker through the site vulnerability, the user's browser to redirect the normal URL to the malicious Web site, the majority of attackers exploited this vulnerability for phishing attacks. Eg:http://www.xxx.com/login.htm?para1=&para2=&directurl=http://www.baidu.com the URL using redirect to jump to the Baidu home page. General Security URL Recognition will only verify the domain name section, that is, the example of the Www.xxx.com prevention method: 1, the need to jump the URL to verify 2, the use of white list filter URL
14.Phishing "Fishing" is to make similar pages to achieve the purpose of deception. To be perfected ... 15.Code Execution to be perfected ... 16.command_injection to be perfected ... 17.Application error message information leakage refers to the application of the bug, or because the attacker to the program parameters such as input interface to fill illegal data, so that the program crashes, output some debugging information and source code and other data. When the attacker gets this data, they can learn a lot of privacy sensitive data, and then combine other vulnerabilities for the next attack. Information leakage is divided into a variety of leakage methods, generally common for: 1, physical path leakage when an attacker enters illegal data through an interface, the application errors and returns the physical path to the Web site. This information can be exploited by an attacker to get Webshell directly through a local file containing vulnerability. 2, the program use version of the leak by transmitting a large number of data, the application error, and return to the application version. Attackers use this information to locate official vulnerabilities and exploit existing Expolit code to implement the attack. 3, source code leakage using the program extension to resolve defects, access to hidden files, and get the source code. or through the program bugs, directly back to the source code, access to important data, and then implement the next attack. 4, other information such as the return of the use of Third-party software information, such as the program using the Zend Framework, database use, such as MySQL. 18.HTTP Response splitting to be perfected ... 19.CALLBACK-XSS to be perfected ...