Security Testing: A Concise Tutorial
Security Testing - Malicious File Execution
Developers often directly use potentially malicious input, concatenate it with files, or assume that input files are genuine. When the data is not checked properly, the web server may process or invoke the malicious content.
Example
Some of the classic examples include −
- Upload .jsp file into web tree.
- Upload .gif to be resized.
- Upload huge files.
- Upload file containing tags.
- Upload .exe file into web tree.
Hands On
Step 1 − Launch WebGoat and navigate to the Malicious File Execution section. The snapshot of the scenario is given below −
Step 2 − To complete this lesson, we need to upload guest.txt to the location mentioned above.
Step 3 − Let us create a jsp file that creates the guest.txt file when the jsp is executed. The name of the jsp plays no role in this context, because we are executing the content of the jsp file.
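<HTML>
<%-- Lesson payload: creates an empty guest.txt in the WebGoat mfe_target directory when the JSP runs --%>
<%
java.io.File file = new java.io.File("C:\\Users\\username$\\.extract\\webapps\\WebGoat\\mfe_target\\guest.txt");
file.createNewFile();
%>
</HTML>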
Step 4 − Now upload the jsp file and copy its link location after the upload. The upload expects an image, but we are uploading a jsp.
Step 5 − Navigate to the jsp file. No message is shown to the user.
Step 6 − Now refresh the session where you uploaded the jsp file, and you will get the message saying, "* Congratulations. You have successfully completed the lesson".
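The lesson works because the upload handler accepts a jsp where it expects an image and stores it inside the web tree. The following is an added example, not WebGoat's code or part of the original tutorial, of the server-side checks that close this gap using only the Java standard library. The class name SafeUpload, the 2 MB limit, the allowed image types and the temporary upload directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;

public class SafeUpload {
    static final int MAX_BYTES = 2 * 1024 * 1024;   // assumed limit; covers the "huge files" case
    // Allowed extension -> leading magic bytes the content must start with.
    static final Map<String, byte[]> ALLOWED = Map.of(
        "gif", "GIF8".getBytes(StandardCharsets.US_ASCII),
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});

    /** Validates an upload and stores it under a server-chosen name; throws if rejected. */
    static Path store(String clientName, byte[] data, Path uploadDir) throws IOException {
        if (data.length == 0 || data.length > MAX_BYTES)
            throw new IllegalArgumentException("size not accepted");
        int dot = clientName.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null)
            throw new IllegalArgumentException("extension not allowed: " + ext);
        if (data.length < magic.length
                || !Arrays.equals(magic, Arrays.copyOf(data, magic.length)))
            throw new IllegalArgumentException("content does not match ." + ext);
        // The client-supplied name is never used on disk: no path traversal, no .jsp suffix.
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + ext);
        return Files.write(target, data, StandardOpenOption.CREATE_NEW);
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples; uploadDir stands in for a directory outside the web tree.
        Path uploadDir = Files.createTempDirectory("uploads-outside-webroot");
        byte[] jsp = "<% out.print(1); %>".getBytes(StandardCharsets.US_ASCII);
        byte[] gif = "GIF89a-constructed-sample".getBytes(StandardCharsets.US_ASCII);
        String[] names = {"avatar.jsp", "avatar.gif", "avatar.gif"};
        byte[][] bodies = {jsp, jsp, gif};
        for (int i = 0; i < names.length; i++) {
            try {
                System.out.println("stored   " + store(names[i], bodies[i], uploadDir).getFileName());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + names[i] + ": " + e.getMessage());
            }
        }
    }
}
```

The magic-byte check alone does not stop a file that starts with a valid image header and carries script content further in. What prevents execution is storing the file outside the web tree under a server-chosen name with an image extension.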