Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Bằng cách làm theo tất cả các hướng dẫn này để bảo vệ trang web của bạn, loại hình này có thể được khai thác rất nhiều giảm bớt. Ngoài ra, nghiên cứu các trang web hacker cho khai thác liên quan đến mở rộng của bạn luôn luôn là một ý tưởng tốt. | This material is copyright and is licensed for the sole use by Thomas Rosenblum on 4th December 2008 1010 SW High Ave. Topeka 66604 Chapter 4 By following all these instructions for protecting your site this type of exploit can be greatly diminished. Additionally researching hacker sites for exploits related to your extension is always a good idea. Command Injection Attacks If you are a Star Trek buff you may recall when Captain Kirk was facing his mortal enemy Khan. They were facing each other with Khan having an advantage on the Enterprise. Kirk ordered Spock to get the command codes for the Reliant the vessel Khan had stolen . They entered a sequence of numbers and ordered Reliant s computer to lower her shields. In essence they were using a command injection attack. While the Enterprise scenario is fictitious the command injection attack is not. Injecting a command into your system say a server will render the reliability and trustworthiness of this box null. Here is a very good definition of a command injection attack found at http www.owasp.org index.php Command_Injection Purpose of the command injection attack is to inject and execute commands specified by the attacker in the vulnerable application. In situation like this application which executes unwanted system commands is like a pseudo system shell and the attacker may use it as any authorized system user. However commands are executed with the same privileges and environment as the applications. Command injection attacks are possible in most cases because of lack of correct input data validation which in addition can be manipulated by the attacker forms cookies HTTP headers etc. . There is also different variant of the injection attack called code injection . The difference in code injection is that the attacker adds his own code to the existing one. The attacker extends the way the default functionality of the application without necessity of executing system commands. Injected code is executed with .
