期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于ASP上传源码的漏洞分析及解决策略研究 被引量:1

Analysis and Solutions Strategy Research Based on ASP Upload Source of Vulnerability
下载PDF
导出
摘要 随着ASP技术的发展,网络上基于ASP技术开发的网站越来越多。与此同时,ASP木马被上传至网站后,其后果也是灾难性的。由于ASP木马不同于普通的可执行程序木马,它与正常的ASP文件并无本质不同,只是程序代码具有恶意性,因此很容易进行伪装、修改,且由于各种原因,ASP木马很容易被恶意上传,导致非常经典的ASP上传漏洞。该文就是基于对ASP木马上传漏洞的原理予以详细分析和研究,找出问题的根源所在,并提出彻底解决这种上传漏洞的合理化建议。 With ASP technology development,the network-based the ASP technology development site on more and more.Meanwhile,ASP Trojan uploaded to the site,the consequences are disastrous.ASP Trojan Unlike ordinary executable Trojan normal ASP file,it is not fundamentally different,just as the program code with malicious,so it is easy to disguise,modify,and for various reasons,ASP Trojans easily malicious upload,leading to very classic ASP upload vulnerability.This article is based on the ASP Trojan upload vulnerability principle be a detailed analysis and research,to identify problems root cause and put forward reasonable suggestions to completely solve this upload vulnerability.
作者 王江为
机构地区 军事经济学院装备财务审计教研室
出处 《电脑知识与技术》 2012年第11X期7899-7902,共4页 Computer Knowledge and Technology
关键词 文件路径 文件名称 上传漏洞 策略研究 File Path File Name Upload Vulnerability Strategy Research
分类号 TP393.092 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献1

二级参考文献21

  • 1CERT/CC.CERT/CC Statistics 1988-2003.http://www.cert.org/stats/ cert_stats.html#vulnerabilities[EB/OL].2004.
  • 2FARMER D,SPAFFORD E H.The Cops Security Checker System[R].Technical Report CSD-TR-993.Department of Computer Sciences,Purdue University.1991.
  • 3NMAP.http://www.insecure.org/nmap/index.html[EB/OL].2003.
  • 4Renaud Deraison.Nessus Scanner.http://www.nessus.org[EB/OL].2004.
  • 5.[EB/OL].ISS.http://www.iss.com/[EB/OL],2004.
  • 6MOORE A P,ELLISON R J,LINGER R C.Attack Modeling for Information Security and Survivability[R].Technical Note,CMU,2001.
  • 7ORTALO R,DESWARTE Y.Experimenting with quantitative evaluation tools for monitoring operational security[J].IEEE Transactions on Software Engineering,1999,25(5):633-650.
  • 8PHILLIPS C A,SWILER L P.A graph-based system for network vulnerability analysis[A].New Security Paradigms Workshop[C].1998.71-79.
  • 9SWILER L P,PHILLIPS C,ELLIS D.Chakerian.Computer-attack graph generation tool[A].Proceedings of the DARPA Information Survivability Conference and Exposition[C].Anaheim,California,2000.307-321.
  • 10RAMAKRISHNAN C,SEKAR R.Model-based analysis of configuration vulnerabilities[J].Journal of Computer Security,2002,10(1/2):189-209.

共引文献40

同被引文献2

引证文献1

二级引证文献2

电脑知识与技术
2012年 第11X期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部