Ethical Hacking - Web Penetration Testing(7)

VULNS MITIGATION

1. File Upload Vulns - Only allow safe files to be updated.

2. Code Execution Vulns:

  • Don't use dangerous functions.
  • Filter use input before execution.

3. File inclusion:

  • Disable allow_url_fopen & allow_url_include.

  • Use static file inclusion.

Suggest using Hard Code Style, not using any variables, which is much more secure.

index.php?page=news.php

index.php
code:
include($_GET('page'));

index.php
code:
include('page.php');

 

posted @ 2020-02-08 12:37  晨风_Eric  阅读(101)  评论(0编辑  收藏  举报