Home >Operation and Maintenance >Safety >Solutions to common website security vulnerabilities
The following are some common website security vulnerabilities and solutions. Let’s take a look at them.
(Learning video sharing: Programming video)
1. Sql blind injection
Solution: Add filtering
2. Sql injection
Solution: modify the underlying code to eliminate parameterized queries
3. iis file and directory enumeration/Directory listing
Solution: Disable directory browsing
4. webdav directory traversal
Solution: http://www.45it.com/net/201208/31779.htm
5 . _VIEWSTATE is not encrypted
Solution: In
6. File backup vulnerability
Do not place file backup in the WEB root directory
such as http://.. ./web.rar, the backup file needs to be placed in another directory
7. HTTP.sys remote code execution vulnerability
Vulnerability: Microsoft Windows HTTP.sys remote code execution vulnerability (CVE-2015- 1635)(MS15-034)
Solution: Install Microsoft patch package (http://www.gltc.cn/47506.html)
8. Vulnerable Javascript library
Vulnerability : Vulnerable Javascript library
Solution: Update Javascript library
9 Short file name vulnerability
Solution: https://segmentfault.com/a/1190000006225568
If it is invalid: use the following method:
https://www.cnblogs.com/xiaozi/p/5587039.html
If it is iis7 but no request filtering occurs, manually Installation
https://yq.aliyun.com/ziliao/120062
Add a red box line at the location shown
Note that the original default AllowDotInPath= 0 Change to AllowDotInPath =1
Otherwise, some function lists cannot be loaded.
10. Microsoft IIS Duplicate Parameter Request Denial of Service Vulnerability (MS10-065)
The script processing code in IIS has a stack overflow vulnerability when processing duplicate parameter requests. Remote attackers can pass This vulnerability is exploited by sending a specially crafted URI request to the ASP page of the website hosted by IIS, causing the service to crash.
Solution: http://zerobox.org/bug/2716.html
11. IIS Duplicate Parameter Request Denial of Service Vulnerability-CVE-2010-1899
Note: It is speculated that the server has implemented security protection. Even if we install patches and other operations to fix this vulnerability, the school's security rules are still there. , will prevent requests for parameters with the same name or similar parameters. Here link.axd
The request passed normally. 12. AppScan fixes vulnerability: Enable insecure HTTP methodshttp://www.cnblogs.com/lyuec/p/4245175.html
Disable WebDAV
IIS Disable the webdev function in the extended function. This function can prohibit dangerous actions such as: DELETE-SEARCH-COPY-MOVE-PROPFIND-PROPPATCH-MKCOL-LOCK-UNLOCK-PUT.
https://technet.microsoft.com/zh-cn/library/security/ms10-070. aspx
The above is the detailed content of Solutions to common website security vulnerabilities. For more information, please follow other related articles on the PHP Chinese website!