基于PHP文件上传漏洞的攻击与防御研究  被引量：4

作　　者：周琳娜[1] 刘旭东 刘冰妍 Zhou Linna;Liu Xudong;Liu Bingyan(Beijing University of Posts and Telecommunications,Beijing 100876,China;China Industrial Control Systems Cyber Emergency Response Team,Beijing 100040,China;Renmin University of China,Beijing 100872,China)

机构地区：[1]北京邮电大学,北京100876 [2]国家工业信息安全发展研究中心,北京100040 [3]中国人民大学,北京100872

出　　处：《信息通信技术》2020年第6期32-38,共7页Information and communications Technologies

摘　　要：Radware2019年Web安全现状报告,深入分析了Web安全领域面临的挑战,以及网络安全泄露事件对互联网环境造成的影响。文章以Web安全领域中的文件上传漏洞为切入点,结合当前Web安全领域的态势情况,跟踪前沿高危性的文件上传漏洞,分别对Apache、Nginx、IIS不同类型的服务器解析漏洞进行探究;分析PHP文件上传漏洞具体攻击手段,通过测试五种不同类型(绕过Javascript前端检测、绕过Content-Type检测文件类型、利用截断上传文件、.htaccess文件上传、构造图片木马)的PHP文件上传漏洞,进而研究获取系统权限的WebShell的攻击原理;结合当前Web系统应用遭受的诸如文件上传类安全告警事件,通过研讨测试漏洞的危害性,分别从系统开发和系统运行提出技术上的防御措施。Radware's status report on Web Security in 2019 provides an in-depth analysis of the challenges faced in protecting Web security and the impact of recent network security leaks on the Internet environment in the past year.Based on this,this research takes the file upload vulnerability in the field of Web security as the breakthrough point.Firstly,according to the current situation in the field of Web security,it traces the high-risk file upload vulnerabilities in the frontier,discusses and explores the analysis vulnerabilities caused by different types of servers such as Apache,Nginx and IIS for parsing script files.Secondly,it analyses the specific attacks of PHP file upload vulnerabilities.Means,through testing and studying five different types of PHP file upload vulnerabilities(bypassing Javascript front-end detection,bypassing Content-Type detection file types,using truncated upload files,uploading.htaccess files,constructing picture trojans)and the attack principle of Web Shell to obtain system privileges.Finally,combining with the current Web system applications,such as file upload security alarm incidents,through discussing the harmfulness of test vulnerabilities,technical defensive measures are proposed from system development and system operation respectively.

关 键 词：WEB安全 文件上传 WEBSHELL 服务器解析漏洞 PHP 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]