
Solutions to common website security vulnerabilities

Dec 24, 2020 am 09:09 AM

The following are some common website security vulnerabilities and solutions. Let’s take a look at them.


1. SQL blind injection

Solution: add input filtering


2. SQL injection

Solution: modify the underlying code to use parameterized queries
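The fix for items 1 and 2 in working form, as an added example that is not part of the original article: the same lookup written with string splicing (vulnerable) and with a bound parameter (fixed), run against a constructed in-memory SQLite table so the difference is visible. The table, names and the tautology probe are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample table; not from the original article.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def find_user_vulnerable(conn, name):
    # Vulnerable: user input is spliced into the SQL text, so a quote in
    # `name` changes the structure of the query (the root cause of items 1 and 2).
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    # Fixed: the driver binds `name` as a value; whatever it contains is
    # compared literally and can never become SQL syntax. Input filtering
    # (item 1) may be added on top, but this is the control that removes the bug.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    conn = make_db()
    probe = "x' OR '1'='1"   # classic tautology used by (blind) injection probes
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, probe)),  # every row leaks
        "safe_rows": len(find_user_safe(conn, probe)),              # literal match only
        "safe_normal": find_user_safe(conn, "alice"),               # ordinary lookup still works
    }


if __name__ == "__main__":
    print(demo())
```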

3. IIS file and directory enumeration / directory listing

Solution: disable directory browsing

4. WebDAV directory traversal

Solution: http://www.45it.com/net/201208/31779.htm

5. _VIEWSTATE is not encrypted

Solution: In

6. File backup vulnerability

Do not place file backups in the web root directory (for example http://.../web.rar); backup files must be kept in another directory.

7. HTTP.sys remote code execution vulnerability

Vulnerability: Microsoft Windows HTTP.sys remote code execution vulnerability (CVE-2015-1635) (MS15-034)
Solution: install the Microsoft patch package (http://www.gltc.cn/47506.html)

8. Vulnerable JavaScript library

Vulnerability: vulnerable JavaScript library
Solution: update the JavaScript library

9. Short file name vulnerability

Solution: https://segmentfault.com/a/1190000006225568


If that does not work, use the following method:
https://www.cnblogs.com/xiaozi/p/5587039.html
If the server is IIS 7 but request filtering is not present, install it manually:
https://yq.aliyun.com/ziliao/120062
Add the line shown in the red box at the indicated location.


Note that the original default is AllowDotInPath=0; change it to AllowDotInPath=1.


Otherwise, some function lists cannot be loaded.

10. Microsoft IIS Duplicate Parameter Request Denial of Service Vulnerability (MS10-065)

The script processing code in IIS has a stack overflow vulnerability when handling requests with duplicate parameters. A remote attacker can exploit it by sending a specially crafted URI request to an ASP page hosted by IIS, causing the service to crash.

Solution: http://zerobox.org/bug/2716.html

11. IIS Duplicate Parameter Request Denial of Service Vulnerability (CVE-2010-1899)



Note: the server appears to have a security protection layer in front of it. Even after installing patches and taking other steps to fix this vulnerability, the school's security rules remain in place and block requests that carry parameters with the same or similar names. Here the request to link.axd was falsely reported; after modifying it, the request passed normally.

12. AppScan finding: insecure HTTP methods enabled

http://www.cnblogs.com/lyuec/p/4245175.html

Disable WebDAV
In IIS, disable the WebDAV feature under the extended features. This blocks dangerous methods such as DELETE, SEARCH, COPY, MOVE, PROPFIND, PROPPATCH, MKCOL, LOCK, UNLOCK and PUT.
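A defender-side check that covers items 9, 10/11 and 12 together, as an added example that is not part of the original article: a small triage pass over IIS-style W3C log lines that flags the WebDAV verbs listed above, duplicate query parameters of the kind behind the MS10-065 / CVE-2010-1899 finding, and 8.3 short-name probes (paths containing a `~1` style segment). The log lines and the field layout are constructed for the example; real IIS logs carry more fields, so the field positions in `triage_line` are an assumption to adjust.

```python
import re
from urllib.parse import parse_qsl

# Verbs the article says to block along with WebDAV (item 12).
DANGEROUS_VERBS = {"DELETE", "SEARCH", "COPY", "MOVE", "PROPFIND",
                   "PROPPATCH", "MKCOL", "LOCK", "UNLOCK", "PUT"}
# 8.3 short-name probe: a path segment such as REPORT~1 (item 9).
SHORT_NAME = re.compile(r"~[1-9]")

# Constructed W3C-style sample log (reduced field set, not a real server log).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2020-12-24 09:09:01 GET /index.aspx - 200
2020-12-24 09:09:02 PROPFIND /backup/ - 207
2020-12-24 09:09:03 GET /default.aspx id=1&id=2 500
2020-12-24 09:09:04 GET /report~1.asp - 404
2020-12-24 09:09:05 PUT /upload/notes.txt - 201
2020-12-24 09:09:06 GET /link.axd a=1&b=2 200
"""


def triage_line(line):
    """Return the finding tags for one log line (empty list if clean)."""
    if not line or line.startswith("#"):
        return []
    _date, _time, method, stem, query, _status = line.split(" ", 5)
    findings = []
    if method.upper() in DANGEROUS_VERBS:
        findings.append("webdav-verb:" + method.upper())
    if SHORT_NAME.search(stem):
        findings.append("short-name-probe")
    if query != "-":
        names = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
        if len(names) != len(set(names)):   # same parameter name repeated
            findings.append("duplicate-parameter")
    return findings


def triage(log_text):
    """Map each flagged URI stem to its findings; clean requests are omitted."""
    report = {}
    for line in log_text.splitlines():
        tags = triage_line(line)
        if tags:
            report[line.split(" ")[3]] = tags
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Note that the link.axd request with two distinct parameter names is not flagged, which matches the false positive described under item 11.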

13. ASP.NET information leakage

Install the patch matching the server version:

https://technet.microsoft.com/zh-cn/library/security/ms10-070.aspx
