人生必须的知识就是引人向光明方面的明灯。这篇文章主要讲述Web Application Vulnerablities相关的知识,希望能为你提供帮助。
1、 File inclusion
berfoe start this caption
i make a conclusion for install third-part as follow
I not includethe sequence decoder and Comparer tabls in this blogs ,because i think their usage is very straightforward ,and in fact ,rarely usee them in career,so it‘s waste my time .if you want to add the functionality to scan for outdated javascript libraries ,you can install the module Retire.js
bisides it, WAF ,errors, java, Net,SQLi,XSS, and so on.for me usually used in my burpsuite.
before install the BApp Store ,frist install Jyython
(Jython is a library for java and python ,and some apps use this library ,so it‘s a Prrequisite for apps
to work )
if you can‘t install BApp in correct, you can restart application, use the command (you must use per version).
java -XX:MaxPermSize=1G -jar [ burp_file_name.jar]
File inclusion this Vulnerability can be exploited by including a file in the url ,the file that was included can be local to the server ,and thus
be called Local File inclusion, or can point to remote a remote file, and thus called a Remote file inclusion . but at present the programming and web servers have buit-in mechanisms to protect against this flaw.in real life there is some developer forgets to include a validation on server side such these legacy programming languages
JSP、ASP、php。
Local File Inclusion will allow direction traversal characters such as dot-dot-slash to be injection.
such as:
| http:///domain_name/index.php?file=hack.html
we can changer the hack file to another file on the web server system can checked:
| http:///domain_name/index.php?file=../../../../ect/password
【Web Application Vulnerablities】
推荐阅读
- Spring 梳理 - javaConfig在App和webApp中的应用
- 互联网“寒冬”不想被辞退,Android程序员该如何应对()
- 安卓基础之缩放加载本地大图
- mapper代理查询
- mapper加载的3种方法
- Android--多线程之Handler
- csapp-局部性
- Spring boot 梳理 - SpringApplication
- Spring boot 梳理 - 在bean中使用命令行参数-自动装配ApplicationArguments