Understanding and resolving web server vulnerabilities

Someone recently contacted our company pointing out that we have a lot of security threats that could be used to exploit our systems. They were very nice and provided a list of them, which we are now going through, but since we have nobody specifically assigned to security, I am studying the list myself in order to understand it better.

Although he provided many, one example is below. What I don't understand is how the URL in the GET is strung together. "publicservers.php" just echoes data (no database connection, etc.); there is nothing else in it. How does "/fonts/game-servers.php/reset.css" get appended to this file to create a vulnerability?

    Request
    GET /publicservers.php/fonts/game-servers.php/reset.css?1=null'%20UNION%20SELECT%208%2C%20table_name%2C%20'vega'%20FROM%20information_schema.tables%20WHERE%20table_name%20like'%25

    Resource Content
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /publicservers.php/fonts/game-servers.php/reset.css on this server.</p>
    <p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
    </body></html>

    Discussion
    I have detected a possible SQL injection vulnerability. These vulnerabilities are present when externally-supplied input is used to construct a SQL query. If precautions are not taken, the externally-supplied input (usually a GET or POST parameter) can modify the query string such that it performs unintended actions. These actions include gaining unauthorized read or write access to the data stored in the database, as well as modifying the logic of the application.

    Impact
    Vega has detected a possible SQL injection vulnerability. These vulnerabilities can be exploited by remote attackers to gain unauthorized read or write access to the underlying database. Exploitation of SQL injection vulnerabilities can also allow for attacks against the logic of the application. Attackers may be able to obtain unauthorized access to the server hosting the database.

    Remediation
    The developer should review the request and response against the code to manually verify whether or not a vulnerability is present. The best defense against SQL injection vulnerabilities is to use parameterized statements. Sanitizing input can prevent these vulnerabilities. Variables of string types should be filtered for escape characters, and numeric types should be checked to ensure that they are valid. Use of stored procedures can simplify complex queries and allow for tighter access control settings. Configuring database access controls can limit the impact of exploited vulnerabilities. This is a mitigating strategy that can be employed in environments where the code is not modifiable. Object-relational mapping eliminates the need for SQL.

    Affected requests
    /de/reset.css?1=null'"
    /de/style-custom.css?1=null'"
    /games/bf4.php/style-custom.css?1=null'"
    /publicservers.php/fonts/game-servers.php/reset.css?1=null'%20UNION%20SELECT%208%2C%20table_name%2C%20'vega'%20FROM%20information_schema.tables%20WHERE%20table_name%20like'%25
    /publicservers.php/fonts/game-servers.php/style.css?1='%20AND%201=2%20--%20
    /publicservers.php/fonts/images/images/reset.css?1=null'"
    /publicservers.php/fonts/images/images/style.css?1='%20AND%201=2%20--%20
    /publicservers.php/fonts/images/style.css?1=null"%20UNION%20SELECT%208%2C%20table_name%2C%20'vega'%20FROM%20information_schema.taables%20WHERE%20taable_name%20like'%25
    /publicservers.php/fonts/images/style-custom.css?1='%20AND%201=2%20--%20
    /publicservers.php/fonts/js/images/style.css?1=9-8
    /publicservers.php/fonts/js/style.css?1=9%201%20-
    /publicservers.php/fonts/reset.css?1=null%20AND%201=2%20--%20
    /publicservers.php/fonts/style-custom.css?1=null'"
    /publicservers.php/js/account-logins.php/fonts/style.css?1=null%20AND%201=2%20--%20
    /publicservers.php/js/account-logins.php/fonts/style-custom.css?1=null'"
    /publicservers.php/js/account-logins.php/reset.css?1=null%20AND%201=2%20--%20
    /publicservers.php/js/account-logins.php/style.css?1='%20AND%201=2%20--%20

    Parameter: 1
    Method: GET
    Risk: High

Edit

As requested in the comments, here is another one. The first was one of the highest-rated threats they mentioned; this one is the next highest.

    Request
    GET /publicservers.php/reset.css?1=null"`true`"

    Discussion
    Command injection vulnerabilities often occur when inadequately sanitized externally supplied data is used as part of a system command executed through a command interpreter, or shell. Vulnerabilities such as these can be exploited by using shell metacharacters to run additional commands that were not intended to be executed by the application developer. The system() function, and derivatives, are often responsible, as these functions are very simple to use. These vulnerabilities can grant remote access to attackers, if exploited successfully.

    Impact
    I have detected a possible command injection vulnerability. Attackers may be able to run commands on the server. Exploitation may lead to unauthorized remote access.

    Remediation
    Developers should examine the code corresponding to the page in detail to determine if the vulnerability exists. Execution of system commands through a command interpreter, such as with system(), should be avoided. If absolutely necessary, the developer should take extra care with validating the input before it is passed to the interpreter.

    Affected requests
    /publicservers.php/reset.css?1=null'true'
    /de/images/"`true`"
    /publicservers.php/js/services/style-custom.css?1=null`true`
    /publicservers.php/js/account-logins.php/reset.css?1=null`true`
    /publicservers.php/js/js/fonts/reset.css?1=null`true`
    /publicservers.php/js/js/fonts/reset.css?1=null"`true`"
    /publicservers.php/js/services/js/style-custom.css?1=null"`true`"
    /games/terraria-old.php/images/banners/"`true`"
    /publicservers.php/js/services/services/style.css?1=null`true`
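The following is an added example, not part of the original question or of Vega's output. It takes a few of the request paths quoted in the two reports above and splits them the way the web server would: with Apache and mod_php, a URL such as /publicservers.php/fonts/game-servers.php/reset.css is served by publicservers.php, and the trailing /fonts/game-servers.php/reset.css is handed to the script as PATH_INFO (the block assumes that file exists and that the trailing path segments do not). The `1=` query parameter is where the scanner put its payloads, so the block decodes and labels each one, then replays the SQL payloads against a query that interpolates the value into the SQL string and against the parameterized form the report's Remediation section recommends. The `servers` and `account_logins` tables are constructed for the demo, and because SQLite has no information_schema the replay rewrites that table name to sqlite_master; these substitutions are assumptions, not anything from the scanned site.

```python
"""Decode scanner-reported requests and replay their SQL payloads (added example).

Assumptions: Apache + mod_php split the path at the first '.php' component into
SCRIPT_NAME and PATH_INFO; SQLite's sqlite_master stands in for MySQL's
information_schema.tables; the schema and rows below are constructed for the demo.
"""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# A few of the request paths quoted in the reports (copied verbatim).
REPORTED = [
    "/publicservers.php/fonts/game-servers.php/reset.css?1=null'%20UNION%20SELECT%208"
    "%2C%20table_name%2C%20'vega'%20FROM%20information_schema.tables%20WHERE%20"
    "table_name%20like'%25",
    "/publicservers.php/fonts/images/style.css?1='%20AND%201=2%20--%20",
    "/publicservers.php/fonts/js/images/style.css?1=9-8",
    "/publicservers.php/reset.css?1=null\"`true`\"",
]


def split_path_info(path):
    """Approximate Apache's split: script = up to the first '.php', rest = PATH_INFO.
    (Apache actually stops at the first component that exists on disk; this assumes
    the .php file exists and the 'directories' after it do not.)"""
    m = re.match(r"(.*?\.php)(/.*)?$", path)
    if not m:
        return path, ""
    return m.group(1), m.group(2) or ""


def classify(payload):
    """Name the kind of probe from the injected value of parameter 1."""
    if "`" in payload:
        return "command injection probe (backtick substitution)"
    if "UNION" in payload.upper():
        return "union-based SQL injection probe"
    if re.search(r"\bAND\s+1=2", payload, re.IGNORECASE):
        return "boolean-based SQL injection probe"
    if re.fullmatch(r"\d+\s*[-+]\s*\d+", payload):
        return "arithmetic SQL injection probe"
    return "unclassified"


def decode_request(url):
    """Split a reported URL into what the PHP script would actually see."""
    parts = urlsplit(url)
    script, path_info = split_path_info(parts.path)
    payload = parse_qs(parts.query, keep_blank_values=True).get("1", [""])[0]
    return {"script": script, "path_info": path_info,
            "payload": payload, "kind": classify(payload)}


def _demo_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE servers (id INTEGER, name TEXT, region TEXT);
        INSERT INTO servers VALUES (1, 'bf4-eu', 'eu'), (2, 'terraria-us', 'us');
        CREATE TABLE account_logins (id INTEGER, username TEXT);
    """)
    return con


def vulnerable_lookup(con, value):
    # String interpolation: the quote in the payload closes the literal and the
    # rest of the payload becomes SQL. This is what the scanner is probing for.
    sql = f"SELECT id, name, region FROM servers WHERE name = '{value}'"
    return con.execute(sql).fetchall()


def safe_lookup(con, value):
    # Parameterized statement: the whole payload is bound as one string value.
    sql = "SELECT id, name, region FROM servers WHERE name = ?"
    return con.execute(sql, (value,)).fetchall()


def replay(payload):
    """Run one decoded payload through both lookups; returns (vulnerable, safe)."""
    con = _demo_db()
    # SQLite substitute for MySQL's information_schema.tables / table_name.
    value = (payload.replace("information_schema.tables", "sqlite_master")
                    .replace("table_name", "name"))
    try:
        vulnerable = vulnerable_lookup(con, value)
    except sqlite3.Error as exc:
        vulnerable = f"SQL error: {exc}"  # a syntax error is itself a tell-tale
    return vulnerable, safe_lookup(con, value)


if __name__ == "__main__":
    for url in REPORTED:
        req = decode_request(url)
        print(req["script"], req["path_info"], repr(req["payload"]), "->", req["kind"])
        if "SQL" in req["kind"]:
            vulnerable, safe = replay(req["payload"])
            print("   interpolated query:", vulnerable)
            print("   parameterized query:", safe)
```

Running it shows the UNION payload pulling table names (tagged with the 'vega' marker) out of the interpolated query while the parameterized query returns nothing, which is the difference the scanner is looking for. Note that the quoted response for the first request is a 403, so for that request the PHP script never ran at all; whether any of these findings is real can only be settled by reading publicservers.php, as the report's own Remediation text says.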