What should I do if the website is prompted by Baidu Security Alliance? What if there are high-risk vulnerabilities in the website?
1. High-risk vulnerabilities
High-risk vulnerabilities include: SQL injection, XSS (cross-site scripting), page source code leakage, website backup files, website files containing SVN information, and arbitrary file read vulnerabilities.
SQL injection vulnerability: the website program fails to check SQL statements contained in input strings, so the SQL embedded in the input is treated by the database as legitimate SQL instructions, resulting in the theft, modification or deletion of all kinds of sensitive data in the database.
XSS cross-site scripting vulnerability: the website program ignores the input string (such as
Page source code leakage: source code is exposed on a page, which may leak key logic and configured account passwords of the website service. Attackers can use this information to gain access to the website more easily, resulting in the website being hacked.
Website backup files: backup files are present on the website, such as database backup files and website source code backup files. Attackers can use this information to gain access to the website more easily, resulting in the website being hacked.
Files containing SVN information: the website contains files with SVN information. These are private files of the version control system used for the website's source code and include the address of the SVN service, the names of committed private files, the SVN user name and other information, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.
Resin arbitrary file read vulnerability: websites running some versions of the Resin server have an arbitrary file read vulnerability. Attackers can use it to read the contents of any file on the website server, resulting in the website being hacked.
2. Medium-risk vulnerabilities
Medium-risk vulnerabilities include: directory browsing vulnerabilities, PHPINFO files, server environment detection files, log information files, and JSP sample files.
Directory browsing vulnerability: a configuration defect allows directory browsing on the website, which discloses many of its private files and directories, such as database backup files and configuration files. Attackers can use this information to gain access to the website more easily, resulting in the website being hacked.
PHPINFO file: a PHPINFO file, an information file specific to PHP, is present on the website. It discloses a large amount of the website's architecture information, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.
Server environment detection files: server environment detection files are present on the website. They disclose a large amount of the website's architecture information, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.
Log information files: log information files are present on the website. The error information they contain discloses some of the website's architecture information, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.
JSP sample files: JSP sample files are present on the website, and the weak passwords of these files lead to the disclosure of a large amount of the website's architecture information, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.
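As an added example (not part of the original article), the file-based findings above can be checked from the server side before a scanner reports them. This Python script walks a document root and flags backup files, SVN metadata, log files and PHP files that call `phpinfo()`; the filename patterns, the function names and the sample tree are assumptions constructed for the illustration, and the severity labels follow the tiers listed above.

```python
import os
import re
import tempfile

# Patterns are assumptions for this example; tune them to your own site.
BACKUP_RE = re.compile(r"\.(bak|old|sql|zip|rar|7z|tar|tgz|gz)$", re.I)
LOG_RE = re.compile(r"\.log$", re.I)
PHPINFO_RE = re.compile(rb"\bphpinfo\s*\(", re.I)

def calls_phpinfo(path, limit=65536):
    """True if the first `limit` bytes of a PHP file call phpinfo()."""
    try:
        with open(path, "rb") as fh:
            return PHPINFO_RE.search(fh.read(limit)) is not None
    except OSError:
        return False  # unreadable file: report nothing rather than guess

def audit_webroot(root):
    """Return sorted (severity, category, relative path) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".svn" in dirnames:
            svn = os.path.relpath(os.path.join(dirpath, ".svn"), root)
            findings.append(("high", "SVN information", svn.replace(os.sep, "/")))
            dirnames.remove(".svn")  # one finding per working copy, no descent
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if BACKUP_RE.search(name):
                findings.append(("high", "backup file", rel))
            elif LOG_RE.search(name):
                findings.append(("medium", "log information file", rel))
            elif name.lower().endswith(".php") and calls_phpinfo(path):
                findings.append(("medium", "PHPINFO file", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample document root, used only to demonstrate the audit."""
    files = {"index.php": "<?php echo 'hello'; ?>", "test.php": "<?php phpinfo(); ?>",
             "site.tar.gz": "", "db/backup.sql": "-- dump", "logs/error.log": "",
             ".svn/entries": "12"}
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for severity, category, rel in audit_webroot(tmp):
            print(f"{severity:6} {category:22} {rel}")
```

The PHPINFO check reads file content rather than matching the name, so a renamed information page is still reported.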
3. Low-risk vulnerabilities
Low-risk vulnerabilities include: program debugging information on pages, a back-end login address on the website, server statistics files on the website, and sensitive directories on the website.
Debugging information on the page: the page exposes database information, such as the database name and the database administrator name, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.
Back-end login address: the website exposes a back-end login address. Attackers often use this address to attack the website's back-end login, for example through weak passwords, form bypass or brute-force cracking, in order to gain control of the website.
Server statistics files: server-side statistics files are present on the website. They disclose some of the website's structural information, which helps attackers understand the website architecture more comprehensively and assists them in intruding into the website.