文件上传漏洞的攻击方法与防御措施研究
|
摘要
简述了当今社会信息安全的重要性,说明了渗透测试技术中文件上传漏洞的基本原理,列举了文件上传漏洞能够造成的危害,对文件上传漏洞进行详细分析。由于文件上传漏洞一般伴随着服务器解析漏洞出现,结合三种不同的Web应用容器(IIS、Apache、PHP)的解析漏洞,解释文件上传漏洞与服务器解析漏洞之间的关系,详细说明文件上传漏洞出现的原因;从Web站点的两种上传文件验证方式—客户端验证和服务器端验证阐述了相应的攻击技巧,通过对五种攻击方法(绕过客户端验证、绕过黑名单与白名单验证、绕过MIME验证、绕过目录验证和截断上传攻击)的具体实验描述了对文件上传漏洞的攻击过程,并给出了实验代码;最后针对实验中的攻击方法,提出了四类文件上传漏洞的有效防御措施,并对全文进行总结,对未来提出展望。
We briefly describe the importance of social network security in today's society,explain the basic principle of file upload vulnerability in penetration testing technology,list the hazards caused by file upload vulnerability,and analyze the file upload vulnerability in detail.Because the file upload vulnerability generally accompanies server parsing vulnerability,combined with the parsing vulnerabilities of three different Web application containers(IIS,Apache and PHP),we explain the relationship between file upload vulnerability and server parsing vulnerability,and the reasons why the vulnerability can be caused.Based on two ways to verify the uploaded files from Web sites:client authentication and server-side authentication,we illustrate the attack techniques,and based on five attack methods(bypassing client authentication,bypassing blacklists and whitelisting,bypassing MIME verification,bypassing directory verification,and truncating upload attack),we describe the process of attack on file upload vulnerability and give the experimental code.Finally,aiming at the attack methods in the experiment,we put forward four kinds of defensive measures for file upload vulnerability,summarizing full text,prospecting for future.
We briefly describe the importance of social network security in today's society,explain the basic principle of file upload vulnerability in penetration testing technology,list the hazards caused by file upload vulnerability,and analyze the file upload vulnerability in detail.Because the file upload vulnerability generally accompanies server parsing vulnerability,combined with the parsing vulnerabilities of three different Web application containers(IIS,Apache and PHP),we explain the relationship between file upload vulnerability and server parsing vulnerability,and the reasons why the vulnerability can be caused.Based on two ways to verify the uploaded files from Web sites:client authentication and server-side authentication,we illustrate the attack techniques,and based on five attack methods(bypassing client authentication,bypassing blacklists and whitelisting,bypassing MIME verification,bypassing directory verification,and truncating upload attack),we describe the process of attack on file upload vulnerability and give the experimental code.Finally,aiming at the attack methods in the experiment,we put forward four kinds of defensive measures for file upload vulnerability,summarizing full text,prospecting for future.
引文
[1]诸葛建伟,陈立波,孙松柏,等.Metasploit渗透测试魔鬼训练营[M].北京:机械工业出版社,2013:2-31.
[2]张炳帅.Web安全深度剖析[M].北京:电子工业出版社,2015:106-128.
[3]池阳,高健,周福才.基于ISAPI过滤器的Web防护系统[J].信息网络安全,2014(7):35-40.
[4]韦鲲鹏,葛志辉,杨波.PHP Web应用程序上传漏洞的攻防研究[J].信息网络安全,2015(10):53-60.
[5]王威.PHP网站安全性的分析研究及其在图片上传系统中的应用[D].北京:北京邮电大学,2011.
[6]白兴瑞,刘耀炎.高校WEB站点的上传漏洞分析及防范[J].衡水学院学报,2011,13(4):34-36.
[7]AMITY H,SALTZMAN R.Testing web applications for file upload vulnerabilities:U.S.,9009841[P].2015-04-14.
[8]YAO Chunlong,YIN Fengjiao,LI Xu,et al.Security analysis of PHP encoder[J].Journal of Networks,2013,8(10):2353-2360.
[9]刘鹏.PHP Web应用程序安全性研究及安全漏洞检测工具开发[D].西安:西安电子科技大学,2012.
[10]石刘洋,方勇.基于Web日志的Webshell检测方法研究[J].信息安全研究,2016,2(1):66-73.
[11]XU Mingkun,CHEN Xi,HU Yan.Design of software to search ASP Web Shell[J].Procedia Engineering,2012,29:123-127.
[12]SCHECHTER S,KRISHNAN M,SMITH M D.Using path profiles to predict HTTP requests[J].Computer Networks and ISDN Systems,1998,30(1-7):457-467.
[13]邱小果.编程实现基于Cookie验证的HTTP请求的发送[J].微型机与应用,2003,22(7):35-37.
[14]龙金辉,王坤杰.PHP网站文件上传的研究[J].电脑编程技巧与维护,2014(14):85.
[15]李万彪.ASP.NET 2.0中文件上传安全解决方案[J].电脑知识与技术,2009,5(8):1827-1828.
[16]马艳发.基于WAF入侵检测和变异WebShell检测算法的Web安全研究[D].天津:天津理工大学,2016.
[17]公安部信息安全等级保护评估中心.信息安全等级测评师培训教程[M].北京:电子工业出版社,2010:42-107.
[2]张炳帅.Web安全深度剖析[M].北京:电子工业出版社,2015:106-128.
[3]池阳,高健,周福才.基于ISAPI过滤器的Web防护系统[J].信息网络安全,2014(7):35-40.
[4]韦鲲鹏,葛志辉,杨波.PHP Web应用程序上传漏洞的攻防研究[J].信息网络安全,2015(10):53-60.
[5]王威.PHP网站安全性的分析研究及其在图片上传系统中的应用[D].北京:北京邮电大学,2011.
[6]白兴瑞,刘耀炎.高校WEB站点的上传漏洞分析及防范[J].衡水学院学报,2011,13(4):34-36.
[7]AMITY H,SALTZMAN R.Testing web applications for file upload vulnerabilities:U.S.,9009841[P].2015-04-14.
[8]YAO Chunlong,YIN Fengjiao,LI Xu,et al.Security analysis of PHP encoder[J].Journal of Networks,2013,8(10):2353-2360.
[9]刘鹏.PHP Web应用程序安全性研究及安全漏洞检测工具开发[D].西安:西安电子科技大学,2012.
[10]石刘洋,方勇.基于Web日志的Webshell检测方法研究[J].信息安全研究,2016,2(1):66-73.
[11]XU Mingkun,CHEN Xi,HU Yan.Design of software to search ASP Web Shell[J].Procedia Engineering,2012,29:123-127.
[12]SCHECHTER S,KRISHNAN M,SMITH M D.Using path profiles to predict HTTP requests[J].Computer Networks and ISDN Systems,1998,30(1-7):457-467.
[13]邱小果.编程实现基于Cookie验证的HTTP请求的发送[J].微型机与应用,2003,22(7):35-37.
[14]龙金辉,王坤杰.PHP网站文件上传的研究[J].电脑编程技巧与维护,2014(14):85.
[15]李万彪.ASP.NET 2.0中文件上传安全解决方案[J].电脑知识与技术,2009,5(8):1827-1828.
[16]马艳发.基于WAF入侵检测和变异WebShell检测算法的Web安全研究[D].天津:天津理工大学,2016.
[17]公安部信息安全等级保护评估中心.信息安全等级测评师培训教程[M].北京:电子工业出版社,2010:42-107.