douhuan1257 2010-12-08 20:35
浏览 52

你最狡猾的代码注入攻击PHP是什么?

I am writing an automatic tester for our web application's API. Im trying to break it and expose flaws. So far I am trying:

  1. missing parameters
  2. additional "guess" parameters (ex: admin=1)
  3. malicious parameters: sending something like eval("echo 'injection';"); all encoded in % encoding
  4. other classic SQL injection attacks like OR 1=1, comments --

I'm not really trying to go for stuff like drop tables, I dont want to damage our test environment. All of my attacks are more aimed at printing messages so I know I got around our security without deleting information.

  • 写回答

3条回答 默认 最新

  • dongyirong3564 2010-12-08 20:39
    关注

    I highly recommend that you don't do this yourself. There are tons of different attack vectors and this could be a full time job for quite a long time. It's not something you bang out over a week or two.

    Instead go look at Metasploit. It's an awesome pen testing framework. I guarantee anyone that knows what they are doing when trying to hack a site has this. You may as well use the same tools.

    评论

报告相同问题?

悬赏问题

  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 划分vlan后不通了
  • ¥15 GDI处理通道视频时总是带有白色锯齿
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)
  • ¥15 自适应 AR 模型 参数估计Matlab程序
  • ¥100 角动量包络面如何用MATLAB绘制
  • ¥15 merge函数占用内存过大
  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大