Ethical Hacking - Web Penetration Testing(7)
阅读原文时间:2023年07月13日阅读:1

VULNS MITIGATION

1. File Upload Vulns - Only allow safe files to be updated.

2. Code Execution Vulns:

  • Don't use dangerous functions.
  • Filter use input before execution.

3. File inclusion:

  • Disable allow_url_fopen & allow_url_include.

  • Use static file inclusion.

Suggest using Hard Code Style, not using any variables, which is much more secure.

index.php?page=news.php

index.php
code:
include($_GET('page'));

index.php
code:
include('page.php');