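Authors: Sun Baiyong (孙百勇)[1], Xiang Jianwei (向剑伟)[1], Mo Zhengkun (莫正坤)[1], Chen Xiaosu (陈晓苏)[1]
Affiliation: [1] School of Computer Science and Technology, Huazhong University of Science and Technology
Source: Journal of Huazhong University of Science and Technology (Natural Science Edition), 2003, No. 3, pp. 66-68 (3 pages)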
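Abstract: The existence of CGI security vulnerabilities poses many potential threats to Web servers. Based on the working principle of CGI, CGI security vulnerabilities are classified according to their causes. An effective way to find CGI vulnerabilities is security vulnerability detection, and vulnerability scanning is the most commonly used detection method. Building on an in-depth analysis of the campas vulnerability, a simulated-attack method based on the principle of remote network scanning is given: first determine whether the campas file exists, then analyze whether the vulnerability is present from the special request sent and the result returned. Several measures for patching the vulnerability and suggestions for preventing it are proposed. Experiments show .

Based on the working logic of CGI, CGI security holes were categorized according to their causes. Research showed that CGI holes can be found through security hole checking, and that the most common technique in security hole checking is security hole scanning. Through deep analysis of the 'CAMPAS' hole, a simulated-attack method based on remote network scanning was advocated. Using it, the existence of the 'CAMPAS' file was located, and whether or not the hole was present was determined from the feedback to a special request. Experiments showed that the method was accurate in locating the existence of 'CAMPAS' holes. Some precautions and remedies were recommended.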
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]