码迷,mamicode.com
首页 > 移动开发 > 详细

Web Application Vulnerablities

时间:2018-12-31 23:12:24      阅读:177      评论:0      收藏:0      [点我收藏+]

标签:inject   another   character   lang   sed   script   use   web   blog   

1、 File inclusion

    berfoe start this caption  i make a conclusion for install third-part as follow

    I not includethe sequence decoder and Comparer tabls in this blogs ,because i think their usage is very straightforward ,and in fact ,rarely usee them in career,so it‘s waste my time .if you want to add the functionality to scan for outdated javaScript libraries ,you can install the module Retire.js   bisides it, WAF ,errors, java, Net,SQLi,XSS, and so on.for me usually used in my burpsuite.  before install the BApp Store ,frist install Jyython  (Jython is a library for java and Python ,and some apps use this library ,so it‘s a Prrequisite for apps  to work )

     if you can‘t install BApp in correct, you can restart application, use the command (you must use per version).

            java -XX:MaxPermSize=1G -jar [ burp_file_name.jar]  

File inclusion this Vulnerability can be exploited by including a file in the url ,the file that was included can be local to the server ,and thus  be called Local File inclusion, or can point to remote a remote file, and thus called a Remote file inclusion . but at present the programming and web servers have buit-in mechanisms to protect against this flaw.in real life there is some developer forgets to include a validation on server side such these legacy programming languages  JSP、ASP、PHP。

     Local File Inclusion will allow direction traversal characters such as dot-dot-slash to be injection.   such as:   | http:///domain_name/index.php?file=hack.html

we can changer the hack file to another file on the web server system can checked:     | http:///domain_name/index.php?file=../../../../ect/password

 

Web Application Vulnerablities

标签:inject   another   character   lang   sed   script   use   web   blog   

原文地址:https://www.cnblogs.com/xinxianquan/p/10203529.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!