Detailed explanation of Web server security attacks and protection mechanisms (1)
Web server attacks typically exploit vulnerabilities in Web server software and its configuration. The best defense against these vulnerabilities is to follow established practices when building and running Web servers. This article describes some methods for protecting Web servers.
Web security falls into two categories:
· Web server security (the security of the Web server software and its configuration).
· Web application security (the security of the Java, ActiveX, PHP, and ASP code running on the Web server).
Web Server attacks
Web server attacks take advantage of common vulnerabilities in Web server software and configuration. These vulnerabilities include:
· Buffer Overflow
· File directory traversal
· Script permissions
· File directory browsing
· Sample code installed by default with Web server software
· Vulnerabilities in other software running on Web servers, such as SQL database software
Let's discuss the above vulnerabilities in depth.
1. Buffer Overflow
A buffer overflow allows malicious code to be injected into an application: it corrupts the application stack, the place in memory where the application's code is stored, and replaces part of the original code with code of the attacker's choosing, for example to run a Trojan horse program or to remotely control the application. The following is a simple sample of code with a buffer overflow vulnerability, written in C:
char aTmp[100];
scanf("%s", aTmp);   /* no length check: input longer than the array overflows aTmp */
In the first line, the programmer declares an array aTmp with a length of 100. In the second line, the scanf call reads data from the console and stores it in the aTmp array. The code does not check whether the buffer receiving the %s input can hold the input data. Because the programmer never checks the size of the input string, input that exceeds 100 characters causes a buffer overflow. A carefully constructed input may contain assembly code, which then runs with the same privileges as the original program.
2. Directory Traversal
Directory traversal refers to accessing a directory (or folder) that was never intended or permitted. For example, the default folder of a Microsoft IIS Web site is C:\inetpub. An attacker can exploit a directory traversal vulnerability to read files outside that folder that they should not be able to access. Specifically, suppose the site www.bad.com runs server code that contains a directory traversal vulnerability. An attacker can exploit it by entering the following URL:
http://www.bad.com/../autoexec.bat
The "../" in the URL tells the server to go up one directory, that is, to the "C:\" directory (the Web server converts the forward slash to a backslash). So if the default directory of the IIS server is "C:\inetpub", the URL moves to the "C:\" directory, and the attacker is able to see the "C:\autoexec.bat" file. Unless the server is configured to prevent directory traversal, every directory may be accessible. In this case the Web server displays the content of the "autoexec.bat" file, or of any other file the attacker chooses.
Note that we have used IIS as an example, but this vulnerability is not limited to IIS servers; directory traversal is also found on other Web servers.
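As an added example (not code from the original article), here is a server-side check in C for the traversal case above: it normalises a requested path against the Web root, treating both slash and backslash as separators, and rejects any request whose ".." segments would climb above the root. It assumes the root is passed without a trailing separator and it does not consult the filesystem.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64

/* Resolve a requested URL path against the Web root without touching the
 * filesystem. '/' and '\\' both count as separators, since the article notes
 * the server converts slashes to backslashes. Returns 1 and writes the
 * resolved path to out when the request stays inside root; returns 0 when a
 * ".." would climb above the root (the "../autoexec.bat" case) or when the
 * result does not fit. root is assumed to carry no trailing separator. */
int resolve_under_root(const char *root, const char *req, char *out, size_t outsz)
{
    char buf[256];              /* normalised path relative to root */
    size_t len = 0, depth = 0;
    size_t seg_start[MAX_SEGS]; /* offset in buf where each segment began */
    const char *p = req;

    while (*p) {
        while (*p == '/' || *p == '\\') p++;   /* skip separator runs */
        if (!*p) break;
        const char *s = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t n = (size_t)(p - s);
        if (n == 1 && s[0] == '.') continue;   /* "." : stay in place */
        if (n == 2 && s[0] == '.' && s[1] == '.') {
            if (depth == 0) return 0;          /* "..": would leave the root */
            len = seg_start[--depth];          /* drop the previous segment */
            continue;
        }
        if (depth == MAX_SEGS || len + 1 + n >= sizeof buf) return 0;
        seg_start[depth++] = len;
        buf[len++] = '\\';
        memcpy(buf + len, s, n);
        len += n;
    }
    buf[len] = '\0';
    int w = snprintf(out, outsz, "%s%s", root, buf);
    return w >= 0 && (size_t)w < outsz;
}
```

With root "C:\inetpub", the request "/../autoexec.bat" from the article is rejected, while "/wwwroot/../default.htm" resolves to "C:\inetpub\default.htm" because the ".." only pops a segment that is still inside the root.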