【安全牛学习笔记】Web开发中的涉及到的权限问题
来源:互联网 发布:matlab分水岭分割算法 编辑:程序博客网 时间:2024/06/14 12:35
Web开发中的涉及到的权限问题
1.常见的触发场景
2.漏洞原理
3.漏洞危害
4.如何避免&修复漏洞
---------------------------------------------------------------------------------
www-data@w:~/controller$ vim missionController.class.php
<?php
class missionController extends baseController{
public $var;
public function __construct(){
parent::__construct();
if($this->loged){
return;
}else{
header('Location: /index.php');
exit();
}
}
public function feedAction(){
$missionModel = new missionModel();
$feeds = $missionModel->get();
$url = '/index.php?c=mission&a=feed';
$username = $this->username;
require('tpl/feed.tpl');
}
public function feedApiAction(){
//permission check
$id = request('id');
$sid = request('sessionid');
$userModel = new userModel();
$userInfo = $userModel->getUserInfo($id,$sid);
$role = $userInfo['role'];
$feeds = array();
$callback = request('callback');
if($role == 1){
$missionModel = new missionModel();
$feeds = $missionModel->getMost($this->id);
$feeds = json_encode(array('email'=>$this->username,'count'=>$feeds[0]));
header("Content-Type: application/json");
echo ' '.$callback.'('.$feeds.')';
}else{
echo $callback.'('.json_encode($feeds).')';
}
}
public function missionAddAction(){
$referer = $_SERVER['HTTP_REFERER'];
$hostname = parse_url($referer,PHP_URL_HOST);
if($hostname !== 'paper.com' && $hostname !== 'csrf.com'){
die('csrf');
}
$missionModel = new missionModel();
$missionUrl = request('missionUrl');
$missionContent = request('missionContent');
$missionModel->add($this->id,$this->username,$missionUrl,$missionContent);
$count = 1;
if($count > 0){
$this->json(array('result'=>0,'message'=>'add mission ok'));
}else{
$this->json(array('result'=>1,'message'=>'add mission wrong'));
}
}
public function deleteAction(){
$missionId = request('missionId');
$missionModel = new missionModel();
$missionModel->delete($missionId,$this->id);
header('Location: /index.php?c=mission&a=feed');
}
public function testDeleteAction(){
echo 'testDeleteAction';
}
public function evalAction(){
$param = request('param');
$a = 0;
eval("\$a = $param;");
echo $a;
}
public function preg_replaceAction(){
$param = request('param');
$result = preg_replace("/(.*)/e",'$var = \'\\1\';',$param);
echo $result;
}
public function add(){
$this->id;
}
}
---------------------------------------------------------------------------------
[missionmodel.class.php]
<?php
class missionModel extends baseModel{
public function __construct(){
parent::__construct();
}
public function get(){
$sql = 'select id,username,url,content,time from mission order by id desc';
$db_prepare = $this->conn->prepare($sql);
$db_prepare->execute(array());
$result = $db_prepare->fetchAll();
return $result;
}
public function getMost($uid){
$sql = 'select count(*) from mission where uid=?';
$db_prepare = $this->conn->prepare($sql);
$db_prepare->execute(array($uid));
$result = $db_prepare->fetch();
return $result;
}
public function add($uid,$username,$missionUrl,$missionContent){
$sql = 'insert into mission(uid,username,url,content,time) values(?,?,?,?,?)';
$db_prepare = $this->conn->prepare($sql);
$time = unixTime();
$db_prepare->execute(array($uid,$username,$missionUrl,$missionContent,$time));
return ;
}
public function delete($id,$uid){
$sql = 'delete from mission where id=? and uid=?';
$db_prepare = $this->conn->prepare($sql);
$db_prepare->execute(array($id,$uid));
return;
}
}
---------------------------------------------------------------------------------
漏洞原理
1.垂直越权
2.水平越权
漏洞危害:
获取敏感数据,而已诋毁其他用户,访问后台功能进后台上传文件,获取服务器权限等。
漏洞修复:
每一个controller及action中都严格检查权限。
开发建议:
是否登录
是否存在CSRF
是否有权限进行某项操作....
执行操作
- 【安全牛学习笔记】Web开发中的涉及到的权限问题
- 涉及到的权限
- web 安全学习笔记
- web安全学习笔记
- Web 安全学习笔记
- web安全学习笔记
- web安全学习笔记
- Jboss中的安全机制涉及到的几个配置文件
- Web 应用程序的基本安全--学习笔记
- 【SQL Server学习笔记】SQL Server的安全对象、权限
- Web安全开发问题小结
- web应用中涉及到的编码问题总结
- 【安全牛学习笔记】MSsql2005(Sa)权限执行命令总结
- web安全学习笔记-加密算法
- web安全学习笔记之-脚本安全
- web安全学习笔记之-html5安全
- 01_学习java WEB涉及到的相关技术
- web权限的问题
- 理解Maven中的SNAPSHOT版本和正式版本
- 解决中文乱码问题
- booterStrap体验-首页改造-响应式导航栏(1)
- [LeetCode]二叉树层次遍历讲解与实例
- JavaScript深拷贝和浅拷贝
- 【安全牛学习笔记】Web开发中的涉及到的权限问题
- 绝对路径和相对路径,创建目录和删除
- 理解GCD中任务和队列执行的原理
- UVALive 5733|Iterated Difference|暴力
- 员工是公司最大的投资人
- Quartz快速入门指导
- 常用Mysql命令
- html重写搜索框的按钮
- Python备忘【1】输出0~255之间整数对应的二进制、八进制、十六进制数(填充对齐)