The focus of this article is a specific type of code injection attack: Blind XPath injection.
Not surprisingly, most of these preventative methods are the same methods you can and should use to prevent other typical code injection attacks.
Blind SQL injection attacks are a well-known and recognized form of code injection attack, but there are many other forms, some not so well documented or understood.
One of the more common attacks or threats to Web applications is some form of code injection, which Wikipedia defines as.
Perhaps the most malicious form of injection attack is code injection—placing new code into the memory space of the running process and then directing the running process to execute it.
Now that you know how attackers get their code into applications, look at the implications of some common attacks.
A SQL injection vulnerability occurs when a user is able to pass SQL code directly to the application in such a way that the code will be executed in a query.
For example, attackers could be trying to inject code into the process via stack corruption, resulting in the ability to execute code of the attacker's choice.
Ajax Chat has security in mind to prevent code injections, SQL injections, cross-site scripting, session stealing, and other attacks.
When some part of the mashup is written with malicious intent (or has been hacked), it can inject malicious code into the application.
If the input is passed directly to the server without being validated and if the application inadvertently executes the injected code, then the attack has the potential to damage or destroy data.
BitDefender detects and blocks attempts to change critical system files or registry entries and warns about attacks performed by code injection (DLL injection).
In this article, the author explains the principle and process of SQL injection attacks, and describes in detail, from the aspect of the code itself, measures to prevent SQL injection attacks.