Ethical Hacking - Web Penetration Testing(7)
时间:2020-02-08 14:07:14
收藏:0
阅读:75
VULNS MITIGATION
1. File Upload Vulns - Only allow safe files to be updated.
2. Code Execution Vulns:
- Don‘t use dangerous functions.
- Filter use input before execution.
3. File inclusion:
- Disable allow_url_fopen & allow_url_include.
- Use static file inclusion.
Suggest using Hard Code Style, not using any variables, which is much more secure.
index.php?page=news.php index.php code: include($_GET(‘page‘));
index.php
code:
include(‘page.php‘);
原文:https://www.cnblogs.com/keepmoving1113/p/12276021.html
评论(0)