Summary: | Master's thesis === National Defense University (國防大學) === Department of Information Management (資訊管理學系) === 104 === The Internet has been in widespread use for more than ten years, and a wide variety of websites have sprung up to meet users' demand for online access. Because free software is abundant, most people build their sites on packaged web software. However, because of the complexity of the code or through negligence in coding, the designers of such packages often failed to consider access permissions and input filtering. A vulnerable web page can then expose sensitive information and lead to serious leaks of personal data.
This study briefly introduces the free packaged software "Discuz" and the vulnerabilities that have been disclosed in it, and enumerates common SQL injection attacks. We then carry out example attacks against Discuz, adapted to the characteristics of the target site. The experimental results are expected to highlight the security concerns that come with using packaged software.
Finally, it applies the vulnerability patch for Discuz version 7.2 and, drawing on the examples in this study, proposes general measures for preventing SQL injection attacks. I hope this reminds web developers that, while developing a site, they must filter input in the code and perform penetration testing, so that the site does not suffer malicious page defacement or the serious consequences of a user data leak.
|