Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Black box detection method and device of PHP code executing loophole

A code execution and detection method technology, applied in computer security devices, instruments, electrical digital data processing, etc., to improve work efficiency, save time for secondary vulnerability verification, and reduce the false positive rate of vulnerabilities

Active Publication Date: 2018-03-23
北京知道未来信息技术有限公司
View PDF9 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At this time, if the vulnerability detection method in the above example is used, it will be judged that the PHP file has a PHP code execution vulnerability; in fact, the PHP file does not have a vulnerability, so a false positive will be generated

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Black box detection method and device of PHP code executing loophole

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0080] Packets used to detect vulnerabilities, such as:

[0081] http: / / 1.1.1.1 / test_1.php? data=print(c9de2ca853969fca6526811f099825691); / /

[0082] After sending to the target website, if the random string (c9de2ca853969fca6526811f099825691) exists in the received return page, it is judged that there is a PHP code execution vulnerability; if the random string does not exist, it is judged that the vulnerability does not exist.

example 2

[0084] Packets used to detect vulnerabilities, such as:

[0085] http: / / 1.1.1.1 / test_2.php? data='); print(c9de2ca853969fca6526811f099825691); / /

[0086] After sending to the target website, if the random string (c9de2ca853969fca6526811f099825691) exists in the received return page, it is judged that there is a PHP code execution vulnerability; if the random string does not exist, it is judged that the vulnerability does not exist.

example 3

[0088] Packets used to detect vulnerabilities, such as:

[0089] http: / / 1.1.1.1 / test_3.php? data="); print(c9de2ca853969fca6526811f099825691); / /

[0090] After sending to the target website, if the random string (c9de2ca853969fca6526811f099825691) exists in the received return page, it is judged that there is a PHP code execution vulnerability; if the random string does not exist, it is judged that the vulnerability does not exist.

[0091] (3) Vulnerability Forensics

[0092] (1) Obtain process information on the target website server

[0093] Generate payloads such as:

[0094] http: / / 1.1.1.1 / test_1.php? data=system('ps-ef'); / / After sending to the target website, if there is process list information in the received return page, it can be further verified that the vulnerability does exist; and the process list information is used as evidence collection information, It can be used by vulnerability detection personnel to intuitively judge and confirm the real existence of ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a black box detection method and device of a PHP code executing loophole. The method comprises the steps of selecting or coding a piece of PHP code with the function of outputting random strings, and adding codes used for closing a PHP program are added in front of the PHP code to generate loads; then substituting the loads for values of GET parameters and POST parameters in an HTTP request to construct a request data package used for detecting the loophole; sending the configured request data package to a target website, and receiving a responding data package of the target website; judging whether or not the response data package contains the loads in the request data package and the random strings generated by the PHP code, and if yes, judging that the PHP code execution loophole exists in the target website; if not, judging that the PHP code execution loophole does not exist in the target website. The false alarm rate of the loophole detection is effectivelylowered, and a reliable reference basis is provided for secondary verification of the loophole.

Description

technical field [0001] The invention belongs to the technical field of computer network security, and relates to a black-box detection method and device for PHP code execution loopholes. Background technique [0002] PHP code execution vulnerability refers to that when a PHP program calls some functions that can convert a string into code (such as the eval function in PHP), it does not consider whether the user can control the string; hackers will execute the code Passed as a string to the PHP program, and the PHP program executes the code in the string, resulting in a PHP code execution vulnerability. [0003] A common black-box detection method for PHP code execution vulnerabilities is based on HTTP requests for normal access to the target website, replacing the values ​​of the GET parameters and POST parameters in the HTTP request with the payload containing the "phpinfo()" function, sending it to the target website and Receive the returned data, and determine whether th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 练晓谦
Owner 北京知道未来信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products