摘要
Web系统的广泛应用,使其安全面临越来越大的挑战。以Web安全领域中的命令执行漏洞为研究内容,从命令执行漏洞产生的原因及危害进行分析,并基于PHP环境介绍了命令拼接、黑名单绕过以及反弹shell等常用的命令执行攻击方式.最后分析了Web应用开发阶段、Web应用系统参数设置以及系统运维人员等方面的防御。
With the wide application of web system,web security is facing more and more challenges.This paper takes the Command Execution Vulnerability in the field of web security as the research content,analyzes the causes and hazards of the command execution vulnerability,and introduces some common command execution attacks based on PHP environment,such as command splicing,blacklist bypass,rebound shell and so on.Finally,it analyzes the defense of web application development stage,web application system parameter setting,system operation and maintenance personnel.
作者
袁丹
YUAN Dan(Hunan College of Information,Changsha Hunan 410000,China)
出处
《信息与电脑》
2021年第10期212-214,共3页
Information & Computer
关键词
WEB安全
命令执行漏洞
命令拼接
黑名单绕过
Web security
command execution vulnerability
command splicing
blacklist bypass