Plugging Web Vulnerabilities (Part 1)

Source: Internet
Author: User
Tags: filter, execution, ftp, functions, header file, permissions, lost password, access

Most Web security issues fall into one of the following three types:

1. The server provides the public with services that should not be provided.

2. The server places data that should be private into a publicly accessible area.

3. The server relies on data from untrusted sources.





Obviously, many server administrators never look at their servers from another perspective, for example with a port scanner. If they did, they would not be running so many services on their systems: services that do not need to run on the machine that formally provides the Web service, or that do not need to be open to the public.





Associated with this error is the practice of running insecure protocols for maintenance purposes, through which information can be stolen. For example, some Web servers provide POP3 services to collect orders, or FTP or even database services for uploading new page content. In some places these protocols may offer secure authentication (such as APOP) and even secure transport (such as the SSL versions of POP or FTP), but more often people are using the unsecured versions of these protocols. Some protocols, such as the mSQL database service, provide virtually no authentication mechanism at all.




It is a good idea for Web administrators to test their own websites from outside the company, simulating attacks to see what happens. Some services are started in the default configuration after the machine is installed, or were started during installation and initial setup, and may never have been properly shut down. For example, some system-supplied Web servers serve programming demonstrations and system manuals on non-standard ports; these often contain faulty program code and become a security risk. You should not run such services on a Web server that is officially in production and reachable from the Internet, and be sure to shut them down.





9.1 Introduction to Common Web Server Vulnerabilities





Our goal is to introduce the common vulnerabilities of Web servers; I believe you can then try to find some Web server vulnerabilities yourself. Remember, however, that you should not look for vulnerabilities merely for the sake of finding vulnerabilities. In addition, even if you find a hole, whether you can use it or not is another matter.





The main vulnerabilities of Web servers include physical path leaks, CGI source code leaks, directory traversal, execution of arbitrary commands, buffer overflows, denial of service, race conditions, and cross-site scripting. Some of these are similar to CGI vulnerabilities, but many are fundamentally different. Whatever the hole, however, it embodies the truth that security is a whole: when considering the security of the Web server, you must take into account the operating system it runs on.





9.1.1 Physical Path Leaks





Physical path leaks are typically caused by a Web server mishandling a user request, such as an overly long request, a specially crafted request, or a request for a file that does not exist on the Web server. The common feature of these requests is that the requested file must be a CGI script, not a static HTML page.





There is also a case where some Web server programs that display environment variables wrongly output the physical path of the Web server; this is a design problem.





9.1.2 Directory Traversal





Directory traversal is fairly common on Web servers. It results from appending "../" to any directory, appending "../" to a directory with special meaning, or appending a variant of "../" such as "..\" or other forms, or even its encoded forms. The first case is rare, but the later ones are much more common, and the IIS double-decoding and Unicode decoding vulnerabilities that were so popular last year can be viewed as distorted encodings.
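As an added example (not from the original article), here is a Python request-path check of the kind a defender can put in front of file serving: it percent-decodes repeatedly so that double-encoded "../" is caught, treats "..\" like "../", and then confirms the resolved path still lies under the document root. The document root and request strings are constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

DOCROOT = "/var/www/html"  # constructed document root for this example


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so a double-encoded
    "%252e%252e%252f" is seen as "../" just as a double-decoding server sees it."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_request(docroot: str, requested: str) -> Optional[str]:
    """Map a request path onto docroot; return None if it would escape docroot."""
    decoded = fully_decode(requested)
    if "\x00" in decoded:               # NUL truncates paths in C-based servers and CGIs
        return None
    decoded = decoded.replace("\\", "/")  # treat the "..\" variant like "../"
    root = posixpath.normpath(docroot)
    # Join first, normalize second: normalizing the request on its own would
    # silently swallow leading ".." segments and hide the traversal attempt.
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    return full
```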





9.1.3 Executing Arbitrary Commands





Execution of arbitrary commands means executing arbitrary operating system commands, and mainly covers two cases. One is executing system commands through directory traversal, as in the double-decoding and Unicode decoding vulnerabilities mentioned earlier. The other is the Web server parsing a request submitted by the user as an SSI directive, resulting in arbitrary command execution.





9.1.4 Buffer Overflow





Everyone is presumably familiar with buffer overflow vulnerabilities: the Web server fails to properly handle an overly long request submitted by the user, which may be a long URL, a long HTTP header field, or other very long data. This vulnerability can lead to execution of arbitrary commands or to denial of service, which generally depends on the data that is constructed.





9.1.5 Denial of Service





Denial of service has a variety of causes, including very long URLs, special directories, very long HTTP header fields, malformed HTTP header fields, or DOS device files. Because the Web server is overwhelmed by, or mishandles, these special requests, it terminates with an error or hangs.





9.1.6 Race Conditions





The race condition here mainly concerns administrative servers, which typically run as SYSTEM or root. When they need to use temporary files but do not check the attributes of those files before writing to them, the result can be that important system files are overwritten, or even that control of the system is gained.
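The following Python example is added here and is not from the original article. It contrasts the vulnerable pattern of writing to a predictable temp file without checking what is there with an atomic create using O_EXCL and O_NOFOLLOW, in a constructed scenario where a link has already been planted at the temp path (the file names are made up for the example).

```python
import os
import tempfile


def write_report_unsafe(path: str, data: bytes) -> None:
    """Vulnerable pattern: open the predictable temp path for writing without
    checking what is already there. open() follows symlinks, so a link planted
    at `path` makes a root-run CGI overwrite the link target. A prior
    os.path.exists() check does not help: the link can be planted between the
    check and the open, which is exactly the race described above."""
    with open(path, "wb") as fh:
        fh.write(data)


def write_report_safe(path: str, data: bytes) -> None:
    """Create the file atomically: O_EXCL fails if anything already exists at
    `path` (including a symlink), and O_NOFOLLOW refuses to go through a link,
    so a planted link is never written through. Mode 0o600 keeps others out."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demonstrate() -> dict:
    """Constructed scenario: 'important.conf' stands in for a system file and
    'report.tmp' is the predictable temp name that has been linked to it."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "important.conf")
    with open(target, "wb") as fh:
        fh.write(b"original\n")
    link = os.path.join(workdir, "report.tmp")
    os.symlink(target, link)  # the link is already in place when the CGI runs

    write_report_unsafe(link, b"clobbered\n")  # silently overwrites the target
    with open(target, "rb") as fh:
        after_unsafe = fh.read()

    try:
        write_report_safe(link, b"clobbered again\n")
        safe_refused = False
    except OSError:  # EEXIST or ELOOP: the safe version refuses the link
        safe_refused = True
    with open(target, "rb") as fh:
        after_safe = fh.read()
    return {"after_unsafe": after_unsafe, "safe_refused": safe_refused,
            "after_safe": after_safe}
```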




9.2 CGI Security




Now let's talk about exactly what CGI (Common Gateway Interface) is. Physically, CGI is a program that runs on the server and provides an interface to the client-side HTML page. That explanation is probably not very clear, so let's look at a practical example: most personal home pages now have a guestbook. The guestbook works like this. First, the user enters some information on the client side, such as a name. Then the user clicks the "message" button (up to this point all the work is on the client); the browser sends this information to a specific CGI program in the server's CGI directory, and the CGI program on the server processes it in the intended way. In this case, the information submitted by the user is stored in a specified file. The CGI program then sends a message to the client indicating that the requested task has finished, and at this point the user sees the words "End of message" in the browser. The whole process is then over.





CGI, the Common Gateway Interface, can be called a mechanism. You can use different languages to write suitable CGI programs, including Visual Basic, Delphi, or C++; you put the compiled program on the computer running the Web server, and the results are then transferred from the Web server to the client's browser. In fact, this is a difficult and inefficient way to write them, because every time you modify the program you have to recompile the CGI program into an executable file.




9.2.1 Why Use CGI





CGI can provide us with many functions that HTML cannot, such as:

1. Registration

2. Submission of customer information forms and statistics

3. Search programs

4. Web databases

With HTML alone there is no way to remember any of the customer's information, even if the user is willing to let you know it; HTML is also unable to record information in a particular file. CGI is used to record client-side information on the server's hard disk. This is the most important role of CGI: it makes up for what HTML lacks. Yes, just a supplement, not a substitute.





9.2.2 CGI Security Problems





In the computer field, and especially on the Internet, although most Web servers are programmed to protect their content as much as possible, as long as there is a small security error in a CGI script, an intruder can gain access to the computer: password files, private data, and anything else. You can protect your interests by following simple rules and being vigilant about keeping your CGI scripts from being compromised. The CGI security discussed here covers two aspects: one is the security of the Web server, the other is the security of the CGI language.




Let's start with the classification of CGI problems. Generally speaking, CGI problems fall into the following categories:

1. Exposure of sensitive or non-sensitive information;

2. Some of the services provided by default are not shut down;

3. Use of certain service vulnerabilities to execute commands;

4. The application has a remote overflow;

5. Programming vulnerabilities in uncommon CGI programs.








Here is a detailed description of the CGI vulnerabilities:





Configuration Error





Configuration error here mainly refers to CGI program and data file permissions being set improperly, which may lead to leakage of CGI source code or sensitive information. Another common mistake is installing a CGI program without deleting the installation script, so that an attacker can remotely reset its data. A few days ago the "XX Grand Alliance" forum was hacked many times because of this low-level error.





Boundary Condition Error





This error mainly concerns CGI programs written in C. Using it, an attacker may launch a buffer overflow attack and thereby elevate privileges.





Access Validation Error





This problem is mainly due to the conditions used for validation being insufficient to determine the identity of the user, often resulting in unauthorized access, modification or even deletion of content the user has no rights to. There are generally two methods of determining the identity of the user: one is an account and password, the other is session authentication. Unsafe authentication methods include UserID authentication, cookie authentication and so on.





Source validation Error





The more common use of this error is the DoS, that is, denial of service, attack. A familiar example is the forum "flooding machine", which exploits the fact that a CGI program does not verify the source of a posted article and so posts without interruption, finally filling up the server's hard disk and hanging it.





Input Validation Error





This error causes the most security problems, mainly because special characters are not filtered. For example, not filtering "%20" leads to malformed registrations; not filtering "../" often results in leaking system files; not filtering "$" often leads to leaking sensitive information in the Web page; not filtering ";" often leads to execution of arbitrary system commands; not filtering "|" or "\t" often results in text file attacks; not filtering "'" and "#" often results in SQL database attacks; and not filtering "<" and ">" causes cross-site scripting attacks, and so on.





Unexpected processing failed





This error is also common: for example, not checking whether a file exists and directly opening a device file causes denial of service; not checking whether a file exists and opening it to extract a value for comparison bypasses authentication; and context attacks result in arbitrary code execution.





Policy Error





This error is primarily due to decisions made by the programmer who wrote the CGI program. For instance, a fragile original password generation mechanism results in weak passwords; storing the password in a cookie causes sensitive information to be compromised; storing sensitive information in a file with a different extension than the CGI program allows the file to be downloaded directly; a lost-password module that, after confirming the user's identity, lets the user change the password directly instead of sending the password to the user's registered mailbox; and a login that authenticates using the account and the encrypted password, so that an attacker does not need to know the user's original password in order to log in, and so on.
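As an added example (not from the original article), this Python code shows the difference between trusting a client-supplied "uid=" cookie and issuing an HMAC-signed session token; it covers both the access validation errors and the policy errors above, since neither the password nor its encrypted form is ever placed in the cookie, and a tampered user id or expiry is rejected. The secret and user ids are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_SECRET = b"constructed-example-secret"  # generated once in practice, kept out of the CGI source


def user_from_cookie_insecure(cookie: str) -> str:
    """UserID-style cookie authentication: the server believes whatever
    "uid=" value the client sends, so anyone can claim any account."""
    return cookie.split("=", 1)[1]


def issue_session(user_id: str, secret: bytes, lifetime: int = 3600,
                  now: Optional[int] = None) -> str:
    """Issue a cookie the client cannot alter: user id, expiry and a random
    nonce bound together by an HMAC over the server secret. The password (or
    its hash) never leaves the server, and a stolen cookie dies with its expiry."""
    if "|" in user_id:
        raise ValueError("user id must not contain the field separator")
    now = int(time.time()) if now is None else now
    payload = f"{user_id}|{now + lifetime}|{secrets.token_hex(16)}"
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_session(cookie: str, secret: bytes, now: Optional[int] = None) -> Optional[str]:
    """Return the user id if the cookie is intact and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user_id, expiry, nonce, tag = parts
    payload = f"{user_id}|{expiry}|{nonce}"
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    now = int(time.time()) if now is None else now
    if not expiry.isdigit() or int(expiry) < now:
        return None
    return user_id
```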





Habit Problems





Programmer habits can also lead to security issues. For example, some text editors used to modify CGI programs often generate a ".bak" file, which can cause the CGI source code to leak if the programmer does not delete the backup after editing. In addition, if a programmer likes to place sensitive information (such as an account password) in a CGI file, an attacker who obtains read access to the CGI file (by one of the attack methods described earlier, for example) can cause the sensitive information to leak.





Usage Errors





This is primarily the misuse of certain functions, such as the "die" function in Perl, which is very likely to leak the physical path if you do not append "\n" to the error message (without the trailing newline, die adds the script's file name and line number to the message).







