While writing this article, the team and I were dealing with vulnerability findings in our project. We noticed that these are details which are easy to overlook during implementation, so I am summarizing them here to help resolve similar problems promptly when they come up again.
1. Arbitrary file upload vulnerability
Description: Allowing users to upload arbitrary files may let an attacker inject dangerous content or malicious code and run it on the server.
Exploitation: The upload check only looks at the file suffix, so modifying the suffix lets any file be uploaded, and every such upload returns success.
Solution: Read the file stream and verify the special information in the file header (the format's magic bytes), so that merely changing the file suffix cannot fool the check. For the specific code, refer to this blog post:
Http://www.cnblogs.com/bojuetech/p/5907910.html
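As an added example (not the code from the post above, and not this project's own), the header check described for item 1, written in Python: the suffix must be on an allow list and the file's leading bytes must match that suffix, so a script renamed to .jpg is rejected. The signature table and the sample uploads are constructed for this example.

```python
import io

# Magic-byte prefixes for the upload types this example allows (constructed table).
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
# Allow-listed suffixes, mapped to the content type they claim.
ALLOWED_EXT = {"png": "png", "jpg": "jpg", "jpeg": "jpg", "gif": "gif", "pdf": "pdf"}


def sniff_type(stream):
    """Return the type detected from the stream's leading bytes, or None."""
    head = stream.read(16)
    stream.seek(0)  # rewind so the caller can still store the file
    for kind, prefixes in MAGIC.items():
        if any(head.startswith(p) for p in prefixes):
            return kind
    return None


def validate_upload(filename, stream):
    """Return (ok, detail). Accept only when the suffix is allow-listed AND the
    header bytes agree with it; the suffix alone is never trusted."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = ALLOWED_EXT.get(ext)
    if claimed is None:
        return False, f"suffix '.{ext}' not allowed"
    actual = sniff_type(stream)
    if actual is None:
        return False, "unrecognised file header"
    if actual != claimed:
        return False, f"header says {actual} but suffix claims {claimed}"
    return True, actual


# Constructed sample uploads: a real PNG header, a script renamed with a
# double suffix, a PNG uploaded under a suffix that is not allowed, and a
# PNG uploaded as .jpg.
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "shell.jsp.jpg": b"<% /* script body */ %>",
    "image.jsp": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "pic.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
}


def check_samples():
    """Run every constructed sample through the validator; returns name -> result."""
    return {name: validate_upload(name, io.BytesIO(data)) for name, data in SAMPLES.items()}
```

The header check is necessary but not sufficient on its own: the stored file should also get a server-chosen name and be served from a location where it cannot be executed.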
2. Login password plaintext transmission
Description: The login password is transmitted in plaintext, and the password stored in the cookie can be recovered through CMD5.
Exploitation: By capturing packets, the username and password are found transmitted in plaintext in the cookie, and the password can be recovered through CMD5; this vulnerability discloses the login credentials.
Solution: ① do not store the user's account password locally;
② encrypt on the backend to raise the bar for an attacker.
3. Stored cross-site scripting (XSS)
Description: The web application does not validate attacker-submitted input containing executable code, and on some pages returns it to every user who visits the application, so the code executes in the user's browser.
Exploitation: Allows an attacker to inject dangerous content or malicious code.
Solution: 1. When displaying user-controllable data inside JavaScript, escape the user-controllable data.
2. Filter and replace special characters in user input such as ~ ! @ # $ % ^ & * ( ) _ + | \ = - { [ } ] : ; " ' < , > . ? /
4. No security protection for cookies
Description: An attacker could use a vulnerability such as XSS to obtain a user's cookie and use it to log in to that user's account.
Exploitation: After obtaining the test user's cookie via XSS, we found that the cookie had no HttpOnly or other security protection. After the user logs out, resending the captured request to the login access interface still returns the logged-in state directly.
Solution: 1. set the HttpOnly attribute on the cookie;
2. remove the "save password" function from the login page altogether.
5. Apache Tomcat version information disclosure
Description: An attacker can obtain the Apache Tomcat version information.
Exploitation: An experienced developer or attacker can learn about the current site from these pages, such as the development language, server system, site structure and even sensitive information, and then attack based on the version information and its known public vulnerabilities.
Solution: Configure Apache Tomcat so that it does not expose this information.
The above are basic vulnerabilities; for now I only give a general description of each, and follow-up posts will introduce concrete solutions with their ideas and code.
Thanks for your support!
When doing web development, which details should the front end and back end pay attention to, and which vulnerabilities are they prone to?