1. Dangerous upload vulnerabilities
These fall into three categories:
In the first, the upload point has no authentication at all, and a trojan can be uploaded directly.
In the second, simply registering an account is enough to upload, and the upload point does not filter properly either.
In the third, the upload sits behind authentication in the administrator backend.
Of course, some upload points accept a script trojan directly, while others accept one only after some processing. Either way, many attackers take over a website's permissions through an upload.
2. Injection vulnerabilities
The exploitation methods and the privileges obtained differ between injection vulnerabilities in the various scripting languages. The dangerous ones directly threaten system-level privileges on the server. An ordinary injection can dump the account information in the database, yielding the administrator's password or other useful data. With higher privileges, an attacker can directly write a webshell, read the server's directories and files, add an administrator account, replace services, and carry out other attacks.
3. Relay injection, also known as cookie relay injection
This really belongs in the category above, but I have listed it separately. Some programs, and some add-on anti-injection programs, filter only the parameters submitted by POST or GET and ignore cookies. An attacker therefore only needs to relay the request to achieve the same injection.
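The coverage gap described in section 3, beside the corrected pattern, as an added example that is not code from the original page. The table, the blocklist, the request dictionaries and all function names are constructed for illustration; `read_param` models a generic lookup such as classic ASP's `Request("name")`, which also searches cookies.

```python
import sqlite3

BLOCKED = ("'", ";", "--", " or ", " and ", "select", "union")  # constructed blocklist

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "first"), (2, "second"), (3, "third")])
    return db

def filter_passes(request):
    """Add-on filter as described above: inspects GET and POST values only."""
    for source in ("get", "post"):
        for value in request.get(source, {}).values():
            if any(token in value.lower() for token in BLOCKED):
                return False
    return True

def read_param(request, name):
    """Generic lookup across all sources, cookies included."""
    for source in ("get", "post", "cookie"):
        if name in request.get(source, {}):
            return request[source][name]
    return None

def lookup_filtered(db, request):
    """Weak pattern: trust the filter, then build the SQL by concatenation."""
    if not filter_passes(request):
        return "blocked"
    sql = "SELECT title FROM news WHERE id = " + read_param(request, "id")
    return [row[0] for row in db.execute(sql + " ORDER BY id")]

def lookup_hardened(db, request):
    """Corrected pattern: validate the type and bind the value, whatever its source."""
    value = read_param(request, "id")
    if value is None or not value.isdecimal():
        return "rejected"
    rows = db.execute("SELECT title FROM news WHERE id = ?", (int(value),))
    return [row[0] for row in rows]

# Constructed requests: the same value arrives in the query string, then in a cookie.
VIA_GET = {"get": {"id": "1 or 1=1"}}
VIA_COOKIE = {"cookie": {"id": "1 or 1=1"}}
NORMAL = {"get": {"id": "2"}}

if __name__ == "__main__":
    db = make_db()
    for label, req in (("get", VIA_GET), ("cookie", VIA_COOKIE), ("normal", NORMAL)):
        print(label, lookup_filtered(db, req), lookup_hardened(db, req))
```

The filtered lookup blocks the value in the query string but returns every row when the same value arrives as a cookie; the bound query rejects it in both cases, so the defence does not depend on which input sources a filter remembers to inspect.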
4. Writing a trojan into the database
In the past, some programmers thought that mdb databases were too easy to download, so they changed the extension to asp or asa. They did not expect that this change would bring an even greater security risk. Both formats can still be downloaded locally with Xunlei (Thunder). Worse, an attacker can submit a one-line trojan through some channel so that it is inserted into the database, then connect to it with a tool and obtain access.
5. Database backup
This is a feature in many website backends, intended to let administrators back up the database. Attackers, however, use it to change an uploaded image trojan carrying a backdoor into a real trojan format, and so obtain access. I remember a website system whose database backup page had no administrator authentication, which made the harm even greater. Some sites do restrict database backup, but the restriction has still been broken in certain special cases. For example, the format that attackers can back up