CN107832617A - Black-box detection method and device for PHP code execution vulnerability - Google Patents


Info

Publication number: CN107832617A
Authority: CN (China)
Prior art keywords: vulnerability, PHP, code, payload, PHP code
Legal status: Granted
Application number: CN201710831007.1A
Other languages: Chinese (zh)
Other versions: CN107832617B (en)
Inventor: 练晓谦
Current Assignee: Beijing Future Information Technology Co Ltd
Original Assignee: Beijing Future Information Technology Co Ltd
Application filed by Beijing Future Information Technology Co Ltd
Priority to CN201710831007.1A
Publication of CN107832617A
Application granted
Publication of CN107832617B
Status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a black-box detection method and device for PHP code execution vulnerabilities. The method is as follows: select or write a piece of PHP code whose function is to output a random string, and add code for closing the PHP statement before that PHP code to generate a payload; then replace the values of the GET and POST parameters in an HTTP request with the payload to construct a request packet for detecting the vulnerability; send the constructed request packet to the target website and receive the target website's response packet; judge whether the response packet contains the random string generated by the PHP code in the payload of the request packet; if it does, judge that the target website has a PHP code execution vulnerability; if it does not, judge that the target website has no PHP code execution vulnerability. The invention effectively reduces the false-positive rate of vulnerability detection and provides a reliable reference basis for secondary verification of vulnerabilities.

Description

Black-box detection method and device for PHP code execution vulnerability
Technical field
The invention belongs to the technical field of computer network security and relates to a black-box detection method and device for PHP code execution vulnerabilities.
Background
A PHP code execution vulnerability arises when a PHP program calls a function that can turn a string into code (such as the eval function in PHP) without considering whether the user can control that string. An attacker passes executable code to the PHP program as a string, and the PHP program executes the code in the string, which produces a PHP code execution vulnerability.
The common black-box detection method for PHP code execution vulnerabilities is based on an HTTP request that accesses the target website normally: the values of the GET and POST parameters in the HTTP request are replaced with a payload containing the "phpinfo()" function, the request is sent to the target website and the returned data is received, and whether a PHP code execution vulnerability exists is judged by whether the returned data contains the execution result of the "phpinfo()" function.
If the returned data contains the execution result of the "phpinfo()" function, the injected "phpinfo()" function was indeed executed successfully, which shows that a PHP code execution vulnerability exists; otherwise no PHP code execution vulnerability exists.
In other words, this method injects a PHP function (usually phpinfo) into the parameters of the HTTP request and then judges whether the returned packet contains the execution result of that PHP function, in order to judge whether a PHP code execution vulnerability exists.
However, even when no PHP code execution vulnerability exists, there is a certain probability that the returned packet happens to contain the execution result of some PHP function. This method therefore has a certain false-positive probability.
False-positive example:
A certain PHP file returns the execution result of the phpinfo() function as its page whatever parameter value it receives. If the detection method in the example above is used, it will judge that the PHP file has a PHP code execution vulnerability, while in fact the PHP file has no vulnerability, so a false positive is produced.
Summary of the invention
In view of the technical problems in the prior art, the object of the invention is to provide a black-box detection method and device for PHP code execution vulnerabilities.
The technical solution of the invention is:
A black-box detection method for PHP code execution vulnerabilities, the steps of which include:
1) Select or write a piece of PHP code whose function is to output a random string, and add code for closing the PHP statement before that PHP code, to generate a payload for detecting whether a PHP code execution vulnerability exists; then replace the values of the GET and POST parameters in an HTTP request with the payload to construct a request packet for detecting the vulnerability;
2) Send the constructed request packet to the target website and receive the target website's response packet;
3) Judge whether the response packet contains the random string generated by the PHP code in the payload of the request packet; if it does, judge that the target website has a PHP code execution vulnerability; if it does not, judge that the target website has no PHP code execution vulnerability.
Further, request the specified information on the target website server; if the response packet returned by the target server contains the corresponding specified information, further determine that the target server has a PHP code execution vulnerability.
Further, select or write a piece of PHP code whose function is to output specified information on the target website server, and add code for closing the PHP statement before that PHP code, to generate a payload for verifying whether the PHP code execution vulnerability exists; then replace the values of the GET and POST parameters in the HTTP request with the payload to construct a request packet for vulnerability forensics; send the constructed verification request packet to the target website to request the specified information on the target website server.
Further, the specified information is process information on the target website server.
Further, the specified information is the content of a specified file on the target website server.
A black-box detection device for PHP code execution vulnerabilities, characterized in that it comprises a packet construction module, a request-response interaction module and a vulnerability judgment module; wherein,
the packet construction module adds code for closing the PHP statement before a piece of PHP code whose function is to output a random string, to generate a payload for detecting whether a PHP code execution vulnerability exists, and then replaces the values of the GET and POST parameters in an HTTP request with the payload to construct a request packet for detecting the vulnerability;
the request-response interaction module is configured to send the constructed request packet to the target website and receive the target website's response packet;
the vulnerability judgment module is configured to judge whether the target website has a vulnerability according to whether the response packet contains the random string generated by the PHP code in the payload of the request packet; if it does, it judges that the target website has a PHP code execution vulnerability; if it does not, it judges that the target website has no PHP code execution vulnerability.
Further, the device also comprises a vulnerability forensics module, configured to request the specified information on the target website server; if the response packet returned by the target server contains the corresponding specified information, it is further determined that the target server has a PHP code execution vulnerability.
Further, the vulnerability forensics module adds code for closing the PHP statement before a piece of PHP code whose function is to output specified information on the target website server, to generate a payload for verifying whether the PHP code execution vulnerability exists, then replaces the values of the GET and POST parameters in the HTTP request with the payload to construct a request packet for vulnerability forensics, and sends the constructed verification request packet to the target website to request the specified information on the target website server.
In the invention, the packet construction module writes PHP code whose function is to output a random string, adds code for closing the PHP statement before that PHP code to generate a payload, and replaces the values of the GET and POST parameters in the HTTP request with the payload to construct a request packet for detecting the vulnerability;
the request-response interaction module sends the constructed request packet to the target website and receives the target website's response packet;
the vulnerability judgment module judges whether the response packet contains the random string generated by the PHP code in the payload of the request packet, in order to judge whether the target website has a vulnerability;
the vulnerability forensics module generates a new payload to obtain process information on the target website server or the content of a specified file, in order to further verify that the vulnerability really exists.
The payload in the vulnerability forensics module differs from the payload in the packet construction module. The payload in the vulnerability forensics module contains PHP code whose function is to obtain process information or the content of a specified file, and is used to obtain the process information or the specified file content of the target website server. The payload in the packet construction module contains PHP code whose function is to output a random string, and is used to detect whether a PHP code execution vulnerability exists.
1. The purpose of the payload in the vulnerability forensics module is to obtain process information
Write PHP code whose function is to obtain process information. For example:
system('ps -ef');//
Code for closing the PHP statement can be added before the code. For example:
');system('ps -ef');//
");system('ps -ef');//
As in the examples above, 3 payloads are generated.
Note: 'ps -ef' is the command for obtaining process information under the Linux operating system. If the target website's operating system is Windows, the 'tasklist' command is used to obtain process information. The 'ps -ef' here is therefore only an example to illustrate the technical solution; in practice it can be adjusted according to the actual situation.
2. The purpose of the payload in the vulnerability forensics module is to obtain the content of a specified file
Write PHP code whose function is to obtain the content of a specified file. For example:
system('cat /etc/passwd');//
Code for closing the PHP statement can be added before the code. For example:
');system('cat /etc/passwd');//
");system('cat /etc/passwd');//
As in the examples above, 3 payloads are generated.
Note: /etc/passwd is a file under the Linux operating system; it is chosen because this file exists 100% of the time under Linux. If the target website's operating system is Windows, a file that exists 100% of the time under Windows should be chosen, such as the c:\Windows\system.ini file. The /etc/passwd file here is therefore only an example to illustrate the technical solution; in practice it can be adjusted according to the actual situation.
If process information or the specified file content is present in the response packet, it can be further verified that the vulnerability really exists.
The reason is:
If process information is present in the response packet, the code in the payload for obtaining process information (ps -ef) was executed successfully by the target website, which shows that the target website has a PHP code execution vulnerability.
If the specified file content is present in the response packet, the code in the payload for obtaining the specified file content (cat /etc/passwd) was executed successfully by the target website, which shows that the target website has a PHP code execution vulnerability.
Ordinarily, after a vulnerability detection program reports that a website has a certain vulnerability, vulnerability testers carry out manual secondary verification to make sure that the vulnerability really exists and is not a false positive of the detection program.
In the invention, the vulnerability forensics module writes PHP code whose function is to output process information or specified file content on the target website server, adds code for closing the PHP statement before that PHP code to generate a payload, and replaces the values of the GET and POST parameters in the HTTP request with the payload to construct a request packet for vulnerability forensics; it sends the constructed request packet to the target website and receives the target website's response packet. If the process information or specified file content of the target website server is seen in the response packet, vulnerability testers can intuitively judge and confirm that the vulnerability really exists.
The role of the vulnerability forensics module is to provide the process information or specified file content of the target website server. When vulnerability testers carry out secondary verification, seeing the process information or specified file content lets them determine quickly that the vulnerability really exists, without carrying out manual vulnerability verification again.
The vulnerability forensics module greatly reduces the time vulnerability testers spend on secondary verification and improves working efficiency.
The invention mainly has the following advantages:
The invention uses PHP code that outputs a random string as the payload, replacing the common method of using the execution of known functions such as phpinfo() as the payload. The probability that the same random string happens to appear in the returned page is extremely low, so the false-positive rate is extremely low; this approach effectively reduces the false-positive rate of vulnerability detection.
The invention also combines vulnerability detection with vulnerability forensics. Forensic information obtained through the vulnerability, such as the process information of the target website server or the content of a specified file, lets vulnerability testers intuitively judge and confirm that the vulnerability really exists, and provides a reliable reference basis for secondary verification of the vulnerability.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention.
Detailed description
To make the above features and advantages of the invention easier to understand, embodiments are described in detail below with reference to the accompanying drawing.
The flow of the method of the invention is shown in Fig. 1:
Step 1: The "packet construction module" writes PHP code whose function is to output a random string, adds code for closing the PHP statement before that PHP code to generate a payload, and replaces the values of the GET and POST parameters in the HTTP request with the payload to construct a request packet for detecting the vulnerability;
Step 2: The "request-response interaction module" sends the constructed request packet to the target website and receives the target website's response packet;
Step 3: The "vulnerability judgment module" judges whether the response packet contains the random string generated by the PHP code in the payload of the request packet, in order to judge whether the target website has a vulnerability; when the response packet contains the random string, it judges that the target website has a PHP code execution vulnerability.
Step 4: The "vulnerability forensics module" generates a new payload to obtain process information on the target website server or the content of a specified file, in order to further verify that the vulnerability really exists.
A more specific implementation:
(1) Packet construction
(1) Generate the payload
Write PHP code whose function is to output a random string. For example:
print(c9de2ca853969fca6526811f099825691);//
Code for closing the PHP statement can be added before the code. For example:
');print(c9de2ca853969fca6526811f099825691);//
");print(c9de2ca853969fca6526811f099825691);//
As in the examples above, 3 payloads are generated.
(2) Construct the packet for detecting the vulnerability
Replace the values of the GET and POST parameters in the HTTP request with the payload to construct the packet for detecting the vulnerability. For example:
http://1.1.1.1/test_1.php?data=print(c9de2ca853969fca6526811f099825691);//
http://1.1.1.1/test_2.php?data=');print(c9de2ca853969fca6526811f099825691);//
http://1.1.1.1/test_3.php?data=");print(c9de2ca853969fca6526811f099825691);//
(2) Vulnerability judgment
(1) Example 1:
The packet for detecting the vulnerability, such as:
http://1.1.1.1/test_1.php?data=print(c9de2ca853969fca6526811f099825691);//
is sent to the target website. If the random string (c9de2ca853969fca6526811f099825691) is present in the returned page, it is judged that a PHP code execution vulnerability exists; if the random string is not present, it is judged that the vulnerability does not exist.
(2) Example 2:
The packet for detecting the vulnerability, such as:
http://1.1.1.1/test_2.php?data=');print(c9de2ca853969fca6526811f099825691);//
is sent to the target website. If the random string (c9de2ca853969fca6526811f099825691) is present in the returned page, it is judged that a PHP code execution vulnerability exists; if the random string is not present, it is judged that the vulnerability does not exist.
(3) Example 3:
The packet for detecting the vulnerability, such as:
http://1.1.1.1/test_3.php?data=");print(c9de2ca853969fca6526811f099825691);//
is sent to the target website. If the random string (c9de2ca853969fca6526811f099825691) is present in the returned page, it is judged that a PHP code execution vulnerability exists; if the random string is not present, it is judged that the vulnerability does not exist.
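The judgment step above, run offline against constructed responses, as an added example that is not part of the patent text: it compares the phpinfo-based check from the background section with the random-marker check, and goes beyond the text with a stricter variant that ignores a marker that is only echoed back inside the reflected payload. The function names, the phpinfo signature strings and the sample response bodies are assumptions constructed for illustration.

```python
import html
import re
import secrets

# Prefix variants listed in the description: no prefix, then code that closes
# a single-quoted or a double-quoted string and the enclosing call.
CLOSERS = ("", "');", '");')


def new_marker():
    """Return a fresh 32-hex-character marker, so each probe is unpredictable."""
    return secrets.token_hex(16)


def build_payloads(marker):
    """Build the three print(<marker>);// payload forms shown in the description."""
    return [f"{closer}print({marker});//" for closer in CLOSERS]


def judge_phpinfo(body):
    """Prior-art check: does the page look like phpinfo() output?

    The two signature strings are an assumption made for this example.
    """
    return "phpinfo()" in body and "PHP Version" in body


def judge_marker(body, marker):
    """Step 3 as described: the marker appears anywhere in the response."""
    return marker in body


def judge_marker_strict(body, marker):
    """Stricter variant (assumption, not in the patent text).

    A page that only echoes the parameter returns the marker still wrapped in
    "print(" (raw, HTML-escaped or URL-encoded). Executed code prints the
    marker on its own, so only occurrences without that prefix count.
    """
    pattern = r"(?<!print\()(?<!print%28)" + re.escape(marker)
    return re.search(pattern, body) is not None


def sample_responses(marker):
    """Constructed response bodies for four kinds of target page."""
    payload = build_payloads(marker)[1]
    return {
        "executes input": f"<p>result: {marker}</p>",
        "always shows phpinfo": "<title>phpinfo()</title><h1>PHP Version 7.1.9</h1>",
        "reflects input": f"<p>You searched for {html.escape(payload)}</p>",
        "static page": "<p>hello</p>",
    }


def evaluate(marker):
    """Map page kind -> (phpinfo check, marker check, strict marker check)."""
    return {
        name: (judge_phpinfo(body), judge_marker(body, marker),
               judge_marker_strict(body, marker))
        for name, body in sample_responses(marker).items()
    }


if __name__ == "__main__":
    for name, verdicts in evaluate(new_marker()).items():
        print(f"{name:22} phpinfo={verdicts[0]} marker={verdicts[1]} strict={verdicts[2]}")
```

The "always shows phpinfo" case is the false positive from the background section; the "reflects input" case shows that matching on the bare marker can still misfire when a page echoes its parameters.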
(3) Vulnerability forensics
(1) Obtain process information on the target website server
Generate the payload, for example:
http://1.1.1.1/test_1.php?data=system('ps -ef');//
After it is sent to the target website, if process list information is present in the returned page, it can be further verified that the vulnerability really exists; and the process list information serves as forensic information with which vulnerability testers can intuitively judge and confirm that the vulnerability really exists. Note: "ps -ef" is the command for obtaining process information under the Linux operating system.
If process list information is not present in the returned page, the further verification that the vulnerability really exists has failed, but this does not mean that the vulnerability does not exist.
(2) Obtain the content of a specified file on the target website server
Generate the payload, for example:
http://1.1.1.1/test_1.php?data=system('cat /etc/passwd');//
After it is sent to the target website, if the content of the file /etc/passwd on the target website server is present in the returned page, it can be further verified that the vulnerability really exists; and the content of /etc/passwd serves as forensic information with which vulnerability testers can intuitively judge and confirm that the vulnerability really exists. Note: "cat /etc/passwd" is the command for obtaining the content of the file /etc/passwd under the Linux operating system.
If the content of /etc/passwd is not present in the returned page, the further verification that the vulnerability really exists has failed, but this does not mean that the vulnerability does not exist.
The above embodiments only illustrate the technical solution of the invention and do not limit it. A person of ordinary skill in the art may modify the technical solution of the invention or replace it with equivalents without departing from the spirit and scope of the invention; the scope of protection of the invention shall be as defined in the claims.

Claims (10)

1. A black-box detection method for PHP code execution vulnerabilities, the steps of which include:
1) select or write a piece of PHP code whose function is to output a random string, and add code for closing the PHP statement before that PHP code, to generate a payload for detecting whether a PHP code execution vulnerability exists; then replace the values of the GET and POST parameters in an HTTP request with the payload to construct a request packet for detecting the vulnerability;
2) send the constructed request packet to the target website and receive the target website's response packet;
3) judge whether the response packet contains the random string generated by the PHP code in the payload of the request packet; if it does, judge that the target website has a PHP code execution vulnerability; if it does not, judge that the target website has no PHP code execution vulnerability.
2. The method of claim 1, characterized in that the specified information on the target website server is requested; if the response packet returned by the target server contains the corresponding specified information, it is further determined that the target server has a PHP code execution vulnerability.
3. The method of claim 2, characterized in that a piece of PHP code whose function is to output specified information on the target website server is selected or written, and code for closing the PHP statement is added before that PHP code, to generate a payload for verifying whether the PHP code execution vulnerability exists; the values of the GET and POST parameters in the HTTP request are then replaced with the payload to construct a request packet for vulnerability forensics; the constructed verification request packet is sent to the target website to request the specified information on the target website server.
4. The method of claim 2 or 3, characterized in that the specified information is process information on the target website server.
5. The method of claim 2 or 3, characterized in that the specified information is the content of a specified file on the target website server.
6. A black-box detection device for PHP code execution vulnerabilities, characterized in that it comprises a packet construction module, a request-response interaction module and a vulnerability judgment module; wherein,
the packet construction module adds code for closing the PHP statement before a piece of PHP code whose function is to output a random string, to generate a payload for detecting whether a PHP code execution vulnerability exists, and then replaces the values of the GET and POST parameters in an HTTP request with the payload to construct a request packet for detecting the vulnerability;
the request-response interaction module is configured to send the constructed request packet to the target website and receive the target website's response packet;
the vulnerability judgment module is configured to judge whether the target website has a vulnerability according to whether the response packet contains the random string generated by the PHP code in the payload of the request packet; if it does, it judges that the target website has a PHP code execution vulnerability; if it does not, it judges that the target website has no PHP code execution vulnerability.
7. The device of claim 6, characterized in that it also comprises a vulnerability forensics module, configured to request the specified information on the target website server; if the response packet returned by the target server contains the corresponding specified information, it is further determined that the target server has a PHP code execution vulnerability.
8. The device of claim 7, characterized in that the vulnerability forensics module adds code for closing the PHP statement before a piece of PHP code whose function is to output specified information on the target website server, to generate a payload for verifying whether the PHP code execution vulnerability exists, then replaces the values of the GET and POST parameters in the HTTP request with the payload to construct a request packet for vulnerability forensics, and sends the constructed verification request packet to the target website to request the specified information on the target website server.
9. The device of claim 7 or 8, characterized in that the specified information is process information on the target website server.
10. The device of claim 7 or 8, characterized in that the specified information is the content of a specified file on the target website server.
CN201710831007.1A 2017-09-15 2017-09-15 Black box detection method and device for PHP code execution vulnerability Active CN107832617B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710831007.1A CN107832617B (en) 2017-09-15 2017-09-15 Black box detection method and device for PHP code execution vulnerability

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710831007.1A CN107832617B (en) 2017-09-15 2017-09-15 Black box detection method and device for PHP code execution vulnerability

Publications (2)

Publication Number Publication Date
CN107832617A true CN107832617A (en) 2018-03-23
CN107832617B CN107832617B (en) 2021-03-30

Family

ID=61643269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710831007.1A Active CN107832617B (en) 2017-09-15 2017-09-15 Black box detection method and device for PHP code execution vulnerability

Country Status (1)

Country Link
CN (1) CN107832617B (en)

Also Published As

Publication number Publication date
CN107832617B (en) 2021-03-30

Similar Documents

Publication Publication Date Title
CN107832617A (en) A black box detection method and device for PHP code execution vulnerability
CN109492378A (en) A kind of auth method based on EIC equipment identification code, server and medium
US10904286B1 (en) Detection of phishing attacks using similarity analysis
US20200267183A1 (en) Systems and methods for vulnerability analysis of phishing attacks
US9372785B2 (en) Identifying implicit assumptions associated with a software product
CN109241709B (en) User behavior identification method and device based on slider verification code verification
CN109561085A (en) A kind of auth method based on EIC equipment identification code, server and medium
CN109831465A (en) A kind of invasion detection method based on big data log analysis
CN109299135A (en) Abnormal inquiry recognition methods, identification equipment and medium based on identification model
US9667613B1 (en) Detecting mobile device emulation
CN105049607B (en) A kind of short message display method and mobile terminal
CN107294953B (en) Attack operation detection method and device
CN112527630B (en) Test case generation method, device, computer equipment and storage medium
CN109660556A (en) User log-in method, device, equipment and storage medium based on information security
CN108011868A (en) One kind slides verification method and mobile terminal
CN109040051A (en) A kind of BMC login method, system, equipment and computer readable storage medium
CN109600362A (en) Zombie host recognition methods, identification equipment and medium based on identification model
CN109145590A (en) A kind of function hook detection method, detection device and computer-readable medium
Butavicius et al. Why people keep falling for phishing scams: The effects of time pressure and deception cues on the detection of phishing emails
Wang et al. Reliability assessment of autonomous vehicles based on the safety control structure
CN105024814B (en) A kind of verification method, server and system
CN108234441B (en) Method, apparatus, electronic device and storage medium for determining forged access request
US20160219069A1 (en) Method for detecting anomalies in network traffic
CN108668241A (en) Information prompting method, device, storage medium and electronic equipment
AlQadheeb et al. Enhancing cybersecurity by generating user-specific security policy through the formal modeling of user behavior

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A black box detection method and device for PHP code execution vulnerability

Effective date of registration: 20220902

Granted publication date: 20210330

Pledgee: Zhongguancun Branch of Bank of Beijing Co.,Ltd.

Pledgor: BEIJING KNOW FUTURE INFORMATION TECHNOLOGY CO.,LTD.

Registration number: Y2022110000201

CP02 Change in the address of a patent holder

Address after: Room 301, Unit 1, 3rd Floor, Building 15, No.1 Courtyard, Gaolizhang Road, Haidian District, Beijing, 100080

Patentee after: BEIJING KNOW FUTURE INFORMATION TECHNOLOGY CO.,LTD.

Address before: 100102 room 112102, unit 1, building 3, yard 1, Futong East Street, Chaoyang District, Beijing

Patentee before: BEIJING KNOW FUTURE INFORMATION TECHNOLOGY CO.,LTD.