关闭

Maximum size of arbitrary code allowed

463人阅读 评论(0) 收藏 举报

The LimitRequestLine directive [17] in the Apache configuration file allows the web
server to reduce the size of an HTTP request . This includes all information passed in the
query as part of the GET request. The default value for this directive is 8190 bytes. If the
SQL Injection is discovered on the GET request and our query including the arbitrary code
8
is larger than this value, Apache web server would response with the HTTP Status Code
414 and the request would not be processed.
By default, the Apache web server sets the LimitRequestBody directive to 2GB [17]. This
is the allowed size of an HTTP request message body. If the SQL Injection is discovered in
a POST request, 2GB will give us enough room to upload our arbitrary code.
Web application firewalls also have the ability to terminate a long request. This long
request is normally detected as a buffer overflow attack.

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:5410228次
    • 积分:75394
    • 等级:
    • 排名:第21名
    • 原创:1393篇
    • 转载:2814篇
    • 译文:0篇
    • 评论:354条
    文章存档
    最新评论