Netinfo Security ›› 2015, Vol. 15 ›› Issue (10): 53-60. doi: 10.3969/j.issn.1671-1122.2015.10.008

Research on Attack-defense of PHP Web Application Upload Vulnerability

WEI Kun-peng1, GE Zhi-hui1, YANG Bo2

  1. College of Computer and Electronic Information, Guangxi University, Nanning Guangxi 530004, China
  2. China Telecom Group System Integration Limited Liability Company, Guangxi Branch, Nanning Guangxi 530028, China
  • Received: 2015-08-14 Online: 2015-10-01 Published: 2015-11-04

Abstract:

Web applications built with PHP (Hypertext Preprocessor) are the most widely used on the Internet. Once a PHP Web application contains a security vulnerability, the security of the system's data and users is seriously threatened. Because of this, security vulnerabilities in PHP Web applications are receiving more and more attention, and how to protect PHP Web applications has become a hot spot in current research. The attacks on PHP Web applications that are both highly likely and highly damaging include XSS vulnerabilities, SQL injection vulnerabilities, code execution vulnerabilities and upload vulnerabilities. So far, systematic defensive research exists for XSS, SQL injection, code execution and other vulnerabilities, with SQL injection receiving the most attention. By contrast, upload vulnerabilities in PHP Web applications lack systematic attack and defense research. Related content often appears as only one section of an article, some of the prevention methods described are outdated, and many of the latest attack techniques and prevention methods are not covered. This article carefully analyzes file upload attacks on PHP Web applications, gives the corresponding protective measures, and summarizes secure development suggestions for file upload functionality in PHP Web applications.

Key words: PHP Web, vulnerability, file upload, attack-defense