Web Vulnerability Scanner: Web Application Vulnerabilities and Prevention


A website is an application that you can access and browse on your device through a web browser. It has two main components running in the background: a web server and a database. A web server is a machine that stores, processes, and delivers web pages when the user requests them. A database is a structured collection of data that is stored on the web server and used by the web application. The web server is connected to the internet and has an IP address that an attacker can reach to exploit any vulnerabilities. This article will explore the ways someone might try to attack a web application, as well as how to prevent this.


Attacking a Website

There are two main approaches for attacking a website; these are:


  • A server-side attack
  • A client-side attack

Server-side attacks do not require user interaction and can be launched directly against the targeted machine. Once the targeted website has been chosen, the attacker focuses on the web server and gathers the necessary information. This information could include which operating system the target website uses, which programs are installed on the server machine, which services it is running, and which ports are associated with those services.


Most of the services running on a remote server are designed to provide remote access, but if they are not configured in the best possible way then an attacker can take advantage of this and gain access to the server. Moreover, services that are not kept updated may carry known vulnerabilities such as code execution or remote buffer overflows. In other words, an attacker can scan the IP address and get a list of all the services running on the server. Then, by simply searching for each of those services on the internet, the attacker can gather information about any vulnerabilities associated with them. A server-side attack is then launched using those vulnerabilities.


Client-side attacks require human interaction, which means that these attacks need the user to download a file, open a link, or install an update that will run the attacker's code on their machine. The file or link opens a backdoor that anti-virus applications do not detect, giving the attacker full access to the machine while they remain undetected. Because these attacks depend on the user initiating them, gathering information about the victim is very important. Examples of the information an attacker seeks include who the victim's friends are, which networks and websites they use, which websites and applications they trust, and so on. Unlike server-side attacks, the focus of client-side attacks is on the victim rather than on the application or the operating system.


Information Gathering

The first thing an attacker does is gather as much information as possible about the target. This could be the IP address, the domain name information, and the technologies used (for example the programming languages used, the services installed, the database, or other websites hosted on that server). This can be done using tools like Maltego, ZenMap, Nexpose, Knock, and more.


There are some websites that can also help in gathering information about websites:


Whois lookup — This is used to find contact information, IP addresses, location of the server, server types, operating system, and more.


Netcraft Site Report — This is used to find out the technologies used on the target machine, domain information, server information (very helpful in finding vulnerabilities and exploits for the target machine), third-party information, the server-side technologies used (Apache, PHP, SSL, etc.), the client-side technologies used (such as JavaScript or jQuery), the blog software used (WordPress), and so on.

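The technology fingerprinting described above works largely from what the server volunteers in its own response headers. The following is an added example, not code from the original article, that a defender can run against a captured response from their own server to see which headers would feed such a report. The sample responses are constructed for the example, and the header list and version regex are assumptions chosen for illustration.

```python
import re

# Response headers that commonly reveal the server stack; a defender wants
# these stripped or reduced to a bare product name without a version.
DISCLOSURE_HEADERS = {
    "server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version",
    "x-generator", "x-runtime",
}
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_response_head(raw):
    """Split a raw HTTP/1.x response into (status_line, [(name, value), ...]).
    Header names are lower-cased; anything after the blank line (the body) is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # malformed header line, skip it
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def find_disclosures(raw):
    """Return one finding per fingerprinting header present in the response,
    flagging whether the value includes a version number."""
    _, headers = parse_response_head(raw)
    findings = []
    for name, value in headers:
        if name in DISCLOSURE_HEADERS:
            findings.append({
                "header": name,
                "value": value,
                "has_version": VERSION_RE.search(value) is not None,
            })
    return findings


# Constructed sample responses (not captured from any real site).
LEAKY_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        for finding in find_disclosures(resp):
            print(label, finding)
```

The leaky response yields two findings, both carrying a version number; the hardened one yields only a bare "Apache" with no version. On Apache the `ServerTokens Prod` directive and on PHP the `expose_php = Off` setting produce this reduced output.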

The information gathered from these websites can let an attacker get into the machine without technically hacking it, through social engineering (the art of manipulating people so that they give up confidential information).


Types of Vulnerabilities and How to Prevent Them

Image sourced from Pexels.com

File Upload Vulnerabilities

Any web application permitting its user to upload any type of file is an opportunity for an attacker to exploit as it allows them to upload a malicious file onto the server. Based on the information gathered, the attacker will know which programming languages are used on the server; they can then upload a file in that language which can be executed on the server.


Before uploading the malicious file, the attacker will create a payload with password protection (meaning that the payload is only accessible to them). This payload is then uploaded and executed on the server, opening the backdoor. Once the attacker gains access, they can then run any command on the victim’s machine.


Prevention

To prevent this type of attack, users should only be authorized to upload specific types of files and should be prohibited from uploading any executable files. Additionally, web applications must use filters to check the file type and not just file extension (as checking extensions alone can easily be bypassed).

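One way to implement the checks above in an upload handler, as an added example that is not part of the original article: the file must carry an allowed extension, must not hide an executable extension behind it, and its content must start with the magic bytes of the type its extension claims, so a renamed script is rejected on content rather than on name. The allowed types, executable extension list, size limit and code markers are assumptions chosen for the example, and the stored name is randomised so the uploader never controls the path.

```python
import os
import secrets

# Allowed extensions with the magic bytes each file type must begin with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Extensions a web server might execute if such a file reached the document root.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php5", "php7", "phtml", "phar", "asp", "aspx", "jsp",
    "cgi", "pl", "py", "sh", "exe",
}

# Byte sequences that open server-side code; an image or PDF has no business
# containing them. This is a heuristic that complements the magic-byte check.
CODE_MARKERS = (b"<?php", b"<?=", b"<%")

MAX_UPLOAD_BYTES = 5 * 1024 * 1024


def validate_upload(filename, content):
    """Return (accepted, reason). The file is accepted only if every check passes."""
    # Strip any directory component the client supplied (../../x.png -> x.png).
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False, "empty or hidden filename"
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "missing extension"
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    # Double extensions such as shell.php.png are rejected outright.
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:-1]):
        return False, "executable double extension"
    if not content or len(content) > MAX_UPLOAD_BYTES:
        return False, "empty or oversized file"
    # Check the content, not just the name: the magic bytes must match the extension.
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, f"content is not a .{ext} file"
    if any(marker in content for marker in CODE_MARKERS):
        return False, "embedded server-side code marker"
    return True, "ok"


def storage_name(filename):
    """Random on-disk name with the validated extension, so the uploader never
    controls the stored path. Call only after validate_upload() accepted the file."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed minimal PNG header
    print(validate_upload("cat.png", png))
    print(validate_upload("shell.php.png", png))
    print(validate_upload("photo.png", b"<?php echo 'x'; ?>"))
```

Store accepted files outside the document root (or on a host that serves them with a fixed, non-executable content type) so that even a file which slips past these checks is never handed to the interpreter.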

Code Execution Vulnerability

This vulnerability enables the attacker to execute any command on a web server through its input boxes. The attacker listens for a reverse connection from the web server (the target) back to their own machine. Once a connection has been established, the attacker is able to run any command on the target machine.


Prevention

Make sure that the web application is secure and that a user is not able to execute any command on the server. Filter out all the functions that can help an attacker execute code on the server (such as eval). If you have to allow users to execute certain commands for any reason, be sure to analyze the input before executing it.


Local and Remote File Inclusion Vulnerability

Local File Inclusion is when a vulnerability in a website allows the attacker to execute a command through the URL. This allows the attacker to read any file from the target machine. Remote File Inclusion is when a vulnerability in a website allows the attacker to inject any file on the target computer. This means that an attacker can then execute payloads, establish a reverse connection, and run commands.


Prevention

In the php.ini file on the server, turn off the "allow_url_fopen" and "allow_url_include" settings. Also, use static file inclusion instead of dynamic file inclusion, so that the path being included is never built from user input.

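The "static instead of dynamic inclusion" advice is illustrated below in an added example that is not from the original article: the request parameter is used only as a key into a fixed table of pages, so no part of the user's string ever becomes a path. A second function covers the case where a relative path must be accepted, and shows the checks that stop both the remote (URL) and the traversal forms of the attack. The page directory and the page table are assumptions made up for the example, and path handling uses posixpath so the results are the same on every platform.

```python
import posixpath

# Assumed layout for the example: templates live under this directory.
PAGE_ROOT = "/srv/app/pages"

# Static inclusion: the request parameter is a key into a fixed table. No part of
# the user's string ever becomes part of a filesystem path or a URL.
PAGES = {
    "home": "home.html",
    "about": "about.html",
    "contact": "contact.html",
}


def resolve_page(page_param):
    """Map ?page=<key> to a file path, or refuse if the key is not in the table."""
    if page_param not in PAGES:
        raise ValueError(f"unknown page: {page_param!r}")
    return posixpath.join(PAGE_ROOT, PAGES[page_param])


def safe_join(base, user_path):
    """Dynamic fallback for when a relative path must be accepted (e.g. a user-chosen
    document): reject URLs, absolute paths, backslashes and NUL bytes, then make sure
    the normalised result is still inside base. A real server should additionally
    resolve symlinks (os.path.realpath) before serving the file."""
    if not user_path or "://" in user_path or "\x00" in user_path:
        raise ValueError("rejected path")
    if user_path.startswith("/") or "\\" in user_path:
        raise ValueError("rejected path")
    base = posixpath.normpath(base)
    full = posixpath.normpath(posixpath.join(base, user_path))
    # commonpath (rather than a string prefix test) also rejects /srv/app/pages2/x.
    if full == base or posixpath.commonpath([base, full]) != base:
        raise ValueError("path escapes the document directory")
    return full


if __name__ == "__main__":
    print(resolve_page("about"))
    print(safe_join(PAGE_ROOT, "docs/a.html"))
    for candidate in ("../../etc/passwd", "http://attacker.example/x.txt"):
        try:
            safe_join(PAGE_ROOT, candidate)
        except ValueError as exc:
            print(candidate, "->", exc)
```

The table-lookup form is preferable wherever the set of includable files is known in advance; the path-checking form exists for the remaining cases and still never lets the user name a file outside the chosen directory.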

SQL Injection Vulnerability

This vulnerability allows an attacker to interfere with the queries that an application makes to its database. The attacker can then retrieve and manipulate any data from the database, as well as read and write files on the server.


This type of attack is more dangerous than any of the other attacks because an attacker does not make any changes to the files (making this attack very hard to detect). Using this vulnerability, an attacker can easily bypass the login screen and gain access to the admin privileges on the website.


Prevention

These attacks are very hard to stop with filters: the attacker can disguise the injected input so that it does not look like an exploit, and filters can be bypassed using encoding, proxies, and so on. Web applications often keep a blacklist and a whitelist of commands to stop these attacks, but those can be bypassed as well.


The best way to avoid this type of attack is to program your web application so that injected input can never be executed as code. This can only be done by using parameterized statements. Also implement the Principle of Least Privilege (POLP), limiting each user's access rights to the bare minimum permissions they need to perform their work.

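Why filters lose and parameterized statements win is easiest to see side by side. The following added example, not code from the original article, builds a throwaway in-memory SQLite database with one constructed user and implements the login check twice: once with the username formatted into the SQL text, and once as a parameterized statement. The same constructed bypass input, which closes the quoted string, makes the predicate true for every row and comments out the password check, succeeds against the first and is treated as an ordinary (non-existent) username by the second. The user, password and hashing scheme are assumptions made for the example.

```python
import hashlib
import hmac
import sqlite3


def hash_password(password):
    # Demo hashing only; a real application uses a slow, salted scheme (bcrypt, scrypt, argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory database with one constructed user (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The injectable shape: user input is formatted straight into the SQL text, so a
    quote in the username changes the query's structure."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password_hash = '%s'"
        % (username, hash_password(password))
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterized statement: the username travels as a bound value, never as SQL.
    Whatever characters it contains, the query's structure is fixed."""
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    # Constant-time comparison so a wrong guess cannot be timed.
    return hmac.compare_digest(row[0], hash_password(password))


# Constructed bypass input: the quote closes the string literal, OR 1=1 makes the
# WHERE clause true for every row, and -- comments out the password comparison.
BYPASS_USERNAME = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real creds :", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, bypass     :", login_vulnerable(db, BYPASS_USERNAME, "anything"))
    print("safe, real creds       :", login_safe(db, "alice", "correct horse"))
    print("safe, bypass           :", login_safe(db, BYPASS_USERNAME, "anything"))
```

No filtering of quotes or keywords appears in login_safe, and none is needed: the database driver receives the SQL and the value separately, so the value cannot alter the statement. POLP applies on top of this: the account the application connects with should hold only SELECT (and the few INSERT/UPDATE rights it genuinely needs) on the tables it uses, so that even a successful injection elsewhere cannot read or write files on the server.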

Cross-Site Scripting (XSS) Vulnerability

A website is vulnerable to XSS if it uses unsanitized user input in the output it generates. Using this vulnerability, an attacker gains access to all the objects that the web page itself has access to.


These attacks can be broken into two types:


1.) Stored XSS — In this situation, the injected code will be stored in the page/database. The code is executed when a user accesses the page.


2.) Reflected XSS — In this situation, the code is not stored anywhere and is executed only when the targeted user runs a specific URL manipulated by the attacker.


Prevention

There are three common ways to prevent XSS:


Escape user input: convert each of the following characters in user-supplied data to its HTML representation before it is rendered, so that the browser treats the data as text rather than as markup:


& to &amp;
< to &lt;
> to &gt;
" to &quot;
' to &#x27;
/ to &#x2F;

Sanitize Input — This involves cleaning the user input so that the data received can do no harm to users or the database. This is done by accepting user input in an acceptable format only.


Validate Input — This involves ensuring that an application is rendering the data after validating the input to prevent malicious data from harming users or applications.

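The three measures above, escaping, sanitizing and validating, are shown together in the following added example, which is not code from the original article. escape_html applies exactly the six substitutions from the table (with & first, so entities produced by the later substitutions are not escaped twice); validate_username accepts only the exact format the field expects; sanitize_comment strips characters a free-text field has no use for; and render_comment escapes at output time, which is where XSS is actually prevented. The field formats and the HTML template are assumptions made for the example.

```python
import re

# The six substitutions from the table above. Order matters: "&" is replaced first
# so that "&lt;" produced later is not turned into "&amp;lt;".
HTML_ESCAPES = (
    ("&", "&amp;"),
    ("<", "&lt;"),
    (">", "&gt;"),
    ('"', "&quot;"),
    ("'", "&#x27;"),
    ("/", "&#x2F;"),
)


def escape_html(text):
    """Escape: turn markup characters into entities so the browser shows them as text."""
    for char, entity in HTML_ESCAPES:
        text = text.replace(char, entity)
    return text


USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_username(value):
    """Validate: accept only the exact format the field expects; anything else is rejected,
    not repaired."""
    return USERNAME_RE.match(value) is not None


def sanitize_comment(value, max_len=500):
    """Sanitize: keep only the characters a free-text comment legitimately needs
    and enforce a length limit. This reduces what reaches storage; it does not
    replace escaping at output time."""
    cleaned = re.sub(r"[^\w\s.,!?'-]", "", value)
    return cleaned[:max_len].strip()


def render_comment(author, comment):
    """Output encoding: both values pass through escape_html immediately before being
    placed in the HTML, whatever checks they passed on the way in."""
    return (
        '<p class="comment"><b>' + escape_html(author) + "</b>: "
        + escape_html(comment) + "</p>"
    )


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    print(escape_html('<script>alert("x")</script>'))
    print(validate_username("alice_1"), validate_username("<img src=x>"))
    print(sanitize_comment("Hi <b>there</b>!"))
    print(render_comment("bob", "<i>hi</i>"))
```

Escaping is context-specific: the table covers text placed between HTML tags or in quoted attribute values. Data written into a JavaScript block, a URL or a CSS value needs the encoding rules of that context instead, which is why templating engines that escape automatically per context are the usual choice in practice.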

Conclusion

Web applications offer convenience and are publicly exposed, which makes their data readily available to anyone willing to do a bit of research. They are prone to vulnerabilities that attackers can find and exploit. Therefore, it is vital to implement secure means of handling sensitive information and to avoid these vulnerabilities. This article aimed to inform you of the various types of cyberattacks that an attacker might use to compromise your system. I hope that you find this helpful in safeguarding your web applications! Stay safe and feel free to leave any feedback or questions in the comments section.


Translated from: https://medium.com/@taranpreet_94321/web-application-vulnerabilities-and-prevention-38f17135cd05
