Common Web Server Security Vulnerabilities

Major Web Server Vulnerabilities include physical path leakage, CGI Source Code leakage, directory traversal, arbitrary command execution, buffer overflow, denial of service, SQL injection, conditional competition, and cross-site scripting, it is similar to CGI vulnerabilities, but more places are actually different. However, no matter what the vulnerabilities are, security is an overall truth. Considering the security of Web servers, you must consider operating systems that work with them.

◆ Physical path Leakage

Physical path leakage is generally caused by an error in processing user requests by the Web server. For example, by submitting an ultra-long request or a specially crafted special request, or request a file that does not exist on the Web server. These requests share a common feature, that is, the requested file must belong to a CGI script rather than a static HTML page.

Another case is that some programs that display environment variables on the Web server incorrectly output the physical path of the Web server. This is a design issue.

◆ Directory Traversal

Directory Traversal is rare for Web servers. By attaching ".. /", or append" .. /", or append"... /", such as" .. \ "or" .. // "or even its encoding may lead to directory traversal. The previous situation is rare, but the following situations are much more common. The popular IIS secondary Decoding Vulnerability and Unicode Decoding Vulnerability can both be considered as a deformed encoding.

◆ Execute any command

Execute any command to execute any operating system command. There are two main situations. First, attackers can execute system commands by traversing directories, such as the secondary decoding and UNICODE Decoding Vulnerabilities mentioned above. The other is that the Web server parses user-submitted requests as SSI commands, resulting in arbitrary command execution.

◆ Buffer Overflow

The buffer overflow vulnerability must be familiar to everyone. It is nothing more than that the Web server does not properly process the ultra-long requests submitted by users. Such requests may include ultra-long URLs and ultra-long HTTP Header domains, or other ultra-long data. This vulnerability may cause execution of arbitrary commands or DoS, which generally depends on the constructed data.

◆ DoS

Denial of Service is generated for a variety of reasons, including ultra-long URLs, special directories, ultra-long HTTP Header domains, malformed HTTP Header domains, or DOS device files. The Web server terminates or suspends an error because it is overwhelmed or improperly handled when processing these special requests.

◆ SQL Injection

The SQL injection vulnerability is caused by programming. The background database allows the execution of dynamic SQL statements. Foreground applications do not perform necessary security checks on user input data or page submitted information (such as POST and GET. The characteristics of the database are irrelevant to the programming language of the web program. Almost all relational database systems and corresponding SQL languages face the potential threat of SQL injection.

◆ Conditional Competition

The competition conditions here are mainly for some management servers, which generally run as System or Root. When they need to use some temporary files, but do not check the file attributes before writing these files, it may lead to important system files being overwritten, even obtain control of the system.

◆ CGI Vulnerability

Security Vulnerabilities in CGI scripts, for example, sensitive information is exposed, some normal services provided by default are not closed, some service vulnerabilities are used to execute commands, applications have remote overflow, and non-General CGI program programming vulnerabilities.

The above article briefly analyzes the security risks of Web application systems, and of course there are more security vulnerabilities. Leaf reminds enterprise users based on web application transactions to seek professional security service teams or organizations to evaluate the risks of web application sites to reduce the risks of web application systems.

Related Articles]

• Common Vulnerabilities and attack methods in Web Applications

• How to defend against Web security?

• How far is the Web security product from our needs?