COMPUTER APPLICATIONS AND SOFTWARE
2014
Issue 2
pp. 21-23, 28
4 pages in total
周开东, 魏理豪, 王甜, 邹洪, 崔磊, 刘亚琼
Keywords: Remote file inclusion; Vulnerability classification; Vulnerability detection
We study in depth the detection and classification of PHP-based remote file inclusion vulnerabilities. On this basis we design and implement a classification and detection tool for remote file inclusion vulnerabilities, build a PHP-based target system, and run comprehensive functional and performance tests on the tool prototype. The proposed classification-and-detection approach simulates an attacker sending requests to the web application system, then determines whether a vulnerability exists, and at what level, from the information the server returns.