CN109086608A - A kind of detection file uploads method, terminal device and the server of loophole - Google Patents
A kind of detection file uploads method, terminal device and the server of loophole Download PDFInfo
- Publication number
- CN109086608A CN109086608A CN201810805510.4A CN201810805510A CN109086608A CN 109086608 A CN109086608 A CN 109086608A CN 201810805510 A CN201810805510 A CN 201810805510A CN 109086608 A CN109086608 A CN 109086608A
- Authority
- CN
- China
- Prior art keywords
- file destination
- server
- file
- target load
- indicate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
This disclosure relates to technical field of network security, specifically providing a kind of detection file and uploading method, the terminal device and server leak detection method of loophole includes: generation target load, the target load is used to indicate upload file destination, deletes the file destination after the file destination is accessed;The target load is sent to server;Access instruction is sent to server, the access instruction is used to indicate the access file destination;The feedback information that the server is sent is received, when the feedback information includes preset characters, determining the server, there are files to upload loophole.The disclosure can be automatically deleted the detection file for being uploaded to server after sensing, release the memory space of server, improve the effective rate of utilization of memory space.
Description
Technical field
This disclosure relates to which technical field of network security more particularly to a kind of method, terminal that detection file uploads loophole are set
Standby and server.
Background technique
In today of information technology rapid development, hacking technique is also constantly changing.Wherein file uploads the detection of loophole
It is exactly one of them with utilizing.File uploads the loophole person that refers to network attack and uploads an executable file to server simultaneously
It executes.Here the file of upload can be wooden horse, virus, malicious file or web shell etc..This mode is usually black
Be in the gimmick of visitor's attack website it is the most directly and effective, the utilization technical threshold that partial document uploads loophole is very low,
It is easy to implement for attacker.File uploads loophole can incite somebody to action itself is a huge loophole, web shell is endangered
The harm of this loophole is infinitely amplified.After most of upload loophole is utilized, attacker can leave web shell and facilitate control
System processed is subsequent into system.
Upload web shell mode is generallyd use for upload Hole Detection in the related technology to check, is uploaded after detection
Web shell will continue to stay in the server, will cause the occupancy of server storage in this way, and it is empty to be unfavorable for server storage
Between effective use.
Summary of the invention
The embodiment of the present disclosure provides method, terminal device and the server that detection file uploads loophole, can at least solve
Web shell detects file and occupies server storage in the related technology, is unfavorable for the effective use of server storage
The problem of.The technical solution is as follows:
According to the first aspect of the embodiments of the present disclosure, a kind of method that detection file uploads loophole is provided, terminal is applied to
Equipment, this method comprises:
Target load is generated, the target load is used to indicate upload file destination, after the file destination is accessed
Delete the file destination;
The target load is sent to server;
Access instruction is sent to server, the access instruction is used to indicate the access file destination;
The feedback information that the server is sent is received, when the feedback information includes preset characters, determines the clothes
Being engaged in, there are files to upload loophole for device.
The method that the detection file of the present embodiment uploads loophole, upload can be automatically deleted after sensing by comparing the relevant technologies
To the detection file of server, the memory space of server is released, improves the effective rate of utilization of memory space.
In one alternate embodiment, the access instruction, which is used to indicate, determines that the file of access is the target uploaded
File.
In one alternate embodiment, deleting the file destination after the file destination is accessed includes: that generation includes
The payload of file destination;
According to the data structure of the payload, authentication code is constructed in the payload and generates target load;
Wherein the authentication code, which is used to indicate, deletes the file destination after the file destination is accessed.
In one alternate embodiment, the method also includes: the file destination is named at random.The present embodiment
The safety that detection process is realized by the random name to detection file reduces the detection file uploaded after detection and does not attack
The risk that the person of hitting utilizes.
In the related technology by way of uploading web shell and carrying out file upload Hole Detection, if weblication
It is upper there are the loophole, attacker can directly upload on web shell to server, this can cause damages to target, attacker
Server can be operated and be destroyed, also violate the agreement of non-destructive testing.In being uploaded in other correlation detection technologies
Back door feature is usually contained in appearance, is easy to be intercepted by Protection Product.Generally speaking, traditional relevant file uploads the inspection of loophole
It surveys to there are the assets of target customer and damages inspection and the larger phenomenon of rate of false alarm.And the disclosed detection file of the present embodiment
The scheme of loophole is uploaded, the detection file for being uploaded to server can be automatically deleted after sensing by comparing the relevant technologies, be released
The memory space of server improves the effective rate of utilization of memory space.Meanwhile the non-destructive of Hole Detection is realized, it avoids
In the related technology upload inspection is carried out by way of uploading web shell, it is possible to which bring attacker is to server
The problem of operation and destruction.
According to the second aspect of an embodiment of the present disclosure, a kind of method that detection file uploads loophole is provided, service is applied to
Device, which comprises
The server receives target load, and the target load is used to indicate upload file destination, in the target text
The file destination is deleted after part is accessed;
The server stores the file destination according to the instruction of the target load;
The server receives access instruction, and the access instruction is used to indicate the access file destination;
The server accesses the file destination according to the instruction of the access instruction, and institute is deleted after accessing successfully
State file destination;
The server generates feedback information, and sends the feedback information to the terminal device.
The method that the detection file of the present embodiment uploads loophole, upload can be automatically deleted after sensing by comparing the relevant technologies
To the detection file of server, the memory space of server is released, improves the effective rate of utilization of memory space.
According to the third aspect of an embodiment of the present disclosure, a kind of terminal device is provided, the terminal device includes: generation mould
Block, communication module and judgment module;Wherein,
The production module, for generating target load, the target load is used to indicate upload file destination, described
The file destination is deleted after file destination is accessed;
The communication module, for being also used to send access instruction to server to the server transmission target load,
The access instruction is used to indicate the access file destination;
The communication module is also used to receive the feedback information that the server is sent;
The judgment module, for determining that there are files for the server when the feedback information includes preset characters
Upload loophole.
In one alternate embodiment, the access instruction, which is used to indicate, determines that the file of access is the target uploaded
File.
In one alternate embodiment, the generation module is specifically also used to:
Generate the payload comprising file destination;
According to the data structure of the payload, authentication code is constructed in the payload and generates target load;
Wherein the authentication code, which is used to indicate, deletes the file destination after the file destination is accessed.
In one alternate embodiment, the generation module is also used to: the file destination is named at random.
According to a fourth aspect of embodiments of the present disclosure, a kind of server is provided, the server includes: communication module, deposits
Store up module and processing module;Wherein,
The communication module, for receiving target load and access instruction, the target load is used to indicate upload target
File deletes the file destination after the file destination is accessed;The access instruction is used to indicate the access target
File;
The memory module, for storing the file destination according to the instruction of the target load;
The processing module for accessing the file destination according to the instruction of the access instruction, and is accessing successfully
After delete the file destination;
The processing module is also used to generate feedback information;
The communication module, for sending the feedback information to the terminal device.
The disclosed detection file of the present embodiment uploads the scheme of loophole, and comparing the relevant technologies can be automatically deleted after sensing
It is uploaded to the detection file of server, releases the memory space of server, improves the effective rate of utilization of memory space.Together
When, the non-destructive of Hole Detection is realized, avoids and carries out upload inspection by way of uploading web shell in the related technology
It looks into, it is possible to the problem of bring attacker is to the operation and destruction of server.It is realized by the random name to detection file
The safety of detection process reduces the risk that the detection file other attacker uploaded after detection utilizes.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not
The disclosure can be limited.
Detailed description of the invention
The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the disclosure
Example, and together with specification for explaining the principles of this disclosure.
Fig. 1 is the flow chart for the method that a kind of detection file that the embodiment of the present disclosure provides uploads loophole;
Fig. 2 is the flow chart for the method that a kind of detection file that the embodiment of the present disclosure provides uploads loophole;
Fig. 3 is a kind of logical layer structure schematic diagram for terminal device that the embodiment of the present disclosure provides;
Fig. 4 is a kind of logical layer structure schematic diagram for server that the embodiment of the present disclosure provides.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all implementations consistent with this disclosure.On the contrary, they be only with it is such as appended
The example of the consistent device and method of some aspects be described in detail in claims, the disclosure.
The embodiment of the present disclosure provides a kind of method that detection file uploads loophole, as shown in Figure 1, the detection file uploads leakage
The method in hole the following steps are included:
101, target load is generated, the target load is used to indicate upload file destination, interviewed in the file destination
The file destination is deleted after asking.Wherein, the file destination of upload is exactly to detect file, and the content for detecting file is required to service
Device must not cause any type of damage.
102, the target load is sent to server;
103, access instruction is sent to server, the access instruction is used to indicate the access file destination;
104, the feedback information that the server is sent is received, when the feedback information includes preset characters, determines institute
Stating server, there are files to upload loophole.
The method that the detection file of the present embodiment uploads loophole, upload can be automatically deleted after sensing by comparing the relevant technologies
To the detection file of server, the memory space of server is released, improves the effective rate of utilization of memory space.
In one alternate embodiment, the access instruction, which is used to indicate, determines that the file of access is the target uploaded
File.
In one alternate embodiment, deleting the file destination after the file destination is accessed includes: that generation includes
The payload of file destination;
According to the data structure of the payload, authentication code is constructed in the payload and generates target load;
Wherein the authentication code, which is used to indicate, deletes the file destination after the file destination is accessed.
In one alternate embodiment, the generation target load specially first confirms that language used in targeted website is special
Property, for example, PHP (Hypertext Preprocessor, HyperText Preprocessor), ASP (Active Server Pages),
ASPX, JSP (JAVA Server Pages), JSPX etc..According to the characteristic of speech sounds of the targeted website, described in corresponding
The syntactic constructs target load Payload of characteristic of speech sounds.The disclosed detection file of the present embodiment uploads the scheme of loophole according to mesh
The different language characteristic that mark website uses carries out writing adaptable accurately Payload detection load, reduces the relevant technologies
The rate of false alarm of middle detection improves the accuracy of detection.The relevant technologies can be reduced or avoided in the detection method of the embodiment
In the problem of failing to report and reporting by mistake.
In one alternate embodiment, the method also includes: the file destination is named at random.The present embodiment
File designation is carried out using random naming rule to the detection file, is tried not identical as normal file name.The present embodiment
The scheme that disclosed detection file uploads loophole realizes the safety of detection process, drop by the random name to detection file
The risk that the other attacker of detection file uploaded after low detection utilizes.
The present embodiment realizes the safety of detection process by the random name to detection file, reduces on after detection
The risk that the other attacker of detection file of biography utilizes.
In alternative embodiment, the method also includes: the server monitor the uploading detection file it is accessed when
Between and order;To upload target detection file accessed when listening to, and when order is first time, standard deletes the detection text uploaded
Part.Have in the related technology using upload PHPinfo ();Loophole successfully is uploaded to detect website to judge whether file uploads.
This detection mode seems harmless, but actually but has the harm of leakage destination service sensitive information.If after inspection
Forget to delete file, convenience can be provided to other attackers.The disclosed detection file of above-mentioned two embodiment uploads the side of loophole
Case is avoided and is detected in the related technology by detecting realizing from deletion to the non-destructive for uploading Hole Detection for file after detection
Person forgets the leakage for the sensitive information that deletion detection file may cause, and provides the safety of file uploading detection.
Based on technical solution disclosed in the corresponding embodiment of Fig. 1 and above-mentioned other embodiments, for the invention to the disclosure
Content carries out further sufficiently disclosure, following embodiment and further discloses the realization of leak detection method of the present invention
Process.
Step 1: generating target load.The characteristic of speech sounds according to used in targeted website (PHP, ASP, JAVA), utilizes volume
The syntactic constructs of Cheng Yuyan go out target effective load p ayload that is lossless and can deleting certainly.
Step 2: will include that the detection file of target load Payload uploads, to the text detection filename of upload
Random name is carried out to use.
Step 3: server of the upload target load to targeted website.
Step 4: being uploaded to the detection file of server by targeted website web access.
Step 5: server and judge access file whether be upload detection file, and in the detection file whether
Comprising preset characters,;If the access file is comprising preset characters in the detection file uploaded and the detection file, really
Recognize the destination web server and there is upload loophole.
Illustratively, disclosure following embodiment respectively with PHP, (locate in advance by Hypertext Preprocessor, hypertext
Manage device), ASP (Active Server Pages), ASPX, JSP (JAVA Server Pages), JSPX this few class programming language
For example, exemplary introduction writes construction during generating target load with the corresponding language, and there is access once just to self delete
The Payload that removes and the realization process for constructing target detection file.
Illustratively, as follows with the PHP language generation target load execution file upload leak detection method process:
Generate target load: <? PHP echo md5 (233);unlink(__FILE__);>
Judge feedback message: confirmation feedback message has preset characters e165421110ba03099a1c0393373c5b43
Character string, it is determined that there are files to upload loophole for destination web server
Illustratively, as follows with the ASP language generation target load execution file upload leak detection method process::
Generate target load: < %
Response.Write
chr(101)&chr(49)&chr(54)&chr(53)&chr(52)&chr(50)&chr(49)&chr(49)&c hr
(49)&chr(48)&chr(98)&chr(97)&chr(48)&chr(51)&chr(48)&chr(57)&chr(57)&chr(97)&
chr(49)&chr(99)&chr(48)&chr(51)&chr(57)&chr(51)&chr(51)&chr(55)&chr(51)&chr
(99)&chr(53)&chr(98)&chr(52)&chr(51)
CreateObject("Scripting.FileSystemObject").DeleteFile(server.mappath
(Req uest.ServerVariables("SCRIPT_NAME")))
% >
Judge feedback message: confirmation feedback message has preset characters e165421110ba03099a1c0393373c5b
43, it is determined that there are files to upload loophole for destination web server.
Illustratively, as follows with the ASPX language generation target load execution file upload leak detection method process
Generate target load:<%@Page Language=" C# " %>
< %
Response.Write(System.Text.Encoding.GetEncoding(65001).GetString(Syst
em.Convert.FromBase64String("ZTE2NTQyMTExMGJhMDMwOTlhMWMwM zkzMzczYzViNDM
=")));
System.IO.File.Delete(Request.PhysicalPath);
% >
Judge feedback message: confirmation feedback message has preset characters e165421110ba03099a1c0393373c5b
43, it is determined that there are files to upload loophole for destination web server.
Illustratively, as follows with the JSP language generation target load execution file upload leak detection method process
Generate target load: < %
out.println(new String(new
sun.misc.BASE64Decoder().decodeBuffer("ZTE2NTQyMTExMGJhMDM
WOTlhMWMwMzkzMzczYzViNDM=")));
new
JAVA.io.File(application.getRealPath(request.getServletPath()))
.delete();
% >
Judge feedback message: confirmation feedback message has preset characters e165421110ba03099a1c0393373c5b
43, it is determined that there are files to upload loophole for destination web server
Illustratively, with JSPX language generation target load execute the file upload leak detection method process as follows into
Row construction detection file processes and carry out detection deterministic process it is as follows: generate target load:
<? xml version=" 1.0 " encoding=" UTF-8 "?>
< jsp:root xmlns=" http://www.w3.org/1999/xhtml " version=" 2.0 " xmlns:
Jsp=" http://JAVA.sun.com/JSP/Page " xmlns:c=" http://JAVA.sun.com/jsp/jstl/
core">
< jsp:directive.page contentType=" text/html;Charset=UTF-8 " language
=" JAVA "/>
<jsp:scriptlet>
out.println(new String(newsun.misc.BASE64Decoder().decodeBuffer("
ZTE2NTQyMTExMGJhMDMwOTl hMWMwMzkzMzczYzViNDM=")));
new
JAVA.io.File(application.getRealPath(request.getServletPath()))
.delete();
</jsp:scriptlet>
</jsp:root>
Judge feedback message: confirmation feedback message has preset characters e165421110ba03099a1c0393373c5b,
Then determine that there are files to upload loophole for destination web server.
The embodiment of the present disclosure provides a kind of method that detection file uploads loophole, and such as Fig. 2 is applied to server, the side
Method includes the following steps:
201, the server receives target load, and the target load is used to indicate upload file destination, in the mesh
The file destination is deleted after mark file is accessed;
202, the server stores the file destination according to the instruction of the target load;
203, the server receives access instruction, and the access instruction is used to indicate the access file destination;
204, the server accesses the file destination according to the instruction of the access instruction, and deletes after accessing successfully
Except the file destination.
The server generates feedback information, and sends the feedback information to the terminal device.
Based on terminal device described in the corresponding embodiment of above-mentioned Fig. 1, following is disclosure terminal device embodiment,
It can be used for executing embodiments of the present disclosure.Described device, such as Fig. 3, comprising:
According to the third aspect of an embodiment of the present disclosure, a kind of terminal device is provided, the terminal device includes: 301 generations
Module, 302 communication modules and 303 judgment modules;Wherein,
The production module, for generating target load, the target load is used to indicate upload file destination, described
The file destination is deleted after file destination is accessed;
The communication module, for being also used to send access instruction to server to the server transmission target load,
The access instruction is used to indicate the access file destination;
The communication module is also used to receive the feedback information that the server is sent;
The judgment module, for determining that there are files for the server when the feedback information includes preset characters
Upload loophole.
In one alternate embodiment, the access instruction is used to indicate the access file destination and includes:
The access instruction, which is used to indicate, determines that the file of access is the file destination uploaded.
In one alternate embodiment, the generation module is specifically also used to:
Generate the payload comprising file destination;
According to the data structure of the payload, authentication code is constructed in the payload and generates target load;
Wherein the authentication code, which is used to indicate, deletes the file destination after the file destination is accessed.
In one alternate embodiment, the generation module is also used to: the file destination is named at random.
Based on the method that detection file uploads loophole described in the corresponding embodiment of above-mentioned Fig. 2, following is the disclosure
The embodiment of server can be used for executing embodiments of the present disclosure.The server, such as Fig. 4, comprising: communication module
401, memory module 402 and processing module 403;Wherein,
The communication module, for receiving target load and access instruction, the target load is used to indicate upload target
File deletes the file destination after the file destination is accessed;The access instruction is used to indicate the access target
File;
The memory module, for storing the file destination according to the instruction of the target load;
The processing module for accessing the file destination according to the instruction of the access instruction, and is accessing successfully
After delete the file destination;
The processing module is also used to generate feedback information;
The communication module, for sending the feedback information to the terminal device
Based on the method that detection file uploads loophole described in the corresponding embodiment of above-mentioned Fig. 1 and Fig. 2, this public affairs
It opens embodiment and a kind of computer readable storage medium is also provided, for example, non-transitorycomputer readable storage medium can be only
Read memory (English: Read Only Memory, ROM), random access memory (English: Random Access Memory,
RAM), CD-ROM, tape, floppy disk and optical data storage devices etc..It is stored with computer instruction on the storage medium, for executing
Data transmission method described in the corresponding embodiment of above-mentioned Fig. 1 and Fig. 2, details are not described herein again.
The method that the disclosed detection file of the present embodiment uploads loophole, comparing the relevant technologies and comparing the relevant technologies can examine
It is automatically deleted the detection file for being uploaded to server after survey, releases the memory space of server, improve memory space has
Imitate utilization rate.Meanwhile the non-destructive of Hole Detection is realized, it avoids in the related technology by way of uploading web shell
Carry out upload inspection, it is possible to the problem of bring attacker is to the operation and destruction of server.It is used according to targeted website
Different language characteristic carries out writing adaptable accurately Payload detection file, reduces the wrong report detected in the related technology
Rate improves the accuracy of detection.By detecting realizing from deletion to the non-destructive for uploading Hole Detection for file after detection,
It avoids tester in the related technology to forget to delete the leakage for the sensitive information that detection file may cause, provides file upload
The safety of detection.The safety that detection process is realized by the random name to detection file, uploads after reducing detection
The risk that utilizes of the other attacker of detection file.
Those skilled in the art will readily occur to its of the disclosure after considering specification and practicing disclosure disclosed herein
Its embodiment.This application is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or
Person's adaptive change follows the general principles of this disclosure and including the undocumented common knowledge in the art of the disclosure
Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the disclosure are by following
Claim is pointed out.
It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and
And various modifications and changes may be made without departing from the scope thereof.The scope of the present disclosure is only limited by the accompanying claims.
Claims (10)
1. a kind of method that detection file uploads loophole, which is characterized in that be applied to terminal device, which comprises
Target load is generated, the target load is used to indicate upload file destination, deletes after the file destination is accessed
The file destination;
The target load is sent to server;
Access instruction is sent to server, the access instruction is used to indicate the access file destination;
The feedback information that the server is sent is received, when the feedback information includes preset characters, determines the server
There are files to upload loophole.
2. the method according to claim 1, wherein
The access instruction, which is used to indicate, determines that the file of access is the file destination uploaded.
3. according to the method described in claim 2, it is characterized in that, deleting the file destination after the file destination is accessed
It include: to generate the payload comprising file destination;
According to the data structure of the payload, authentication code is constructed in the payload and generates target load;Wherein
The authentication code, which is used to indicate, deletes the file destination after the file destination is accessed.
4. according to the method described in claim 3, it is characterized in that, the method also includes:
The file destination is named at random.
5. a kind of method that detection file uploads loophole, which is characterized in that be applied to server, which comprises
The server receives target load, and the target load is used to indicate upload file destination, in the file destination quilt
The file destination is deleted after access;
The server stores the file destination according to the instruction of the target load;
The server receives access instruction, and the access instruction is used to indicate the access file destination;
The server accesses the file destination according to the instruction of the access instruction, and the mesh is deleted after accessing successfully
Mark file;
The server generates feedback information, and sends the feedback information to the terminal device.
6. a kind of terminal device, which is characterized in that the terminal device includes: generation module, communication module and judgment module;Its
In,
The production module, for generating target load, the target load is used to indicate upload file destination, in the target
The file destination is deleted after file is accessed;
The communication module, it is described for being also used to send access instruction to server to the server transmission target load
Access instruction is used to indicate the access file destination;
The communication module is also used to receive the feedback information that the server is sent;
The judgment module, for when the feedback information includes preset characters, determining the server, there are file uploads
Loophole.
7. terminal device according to claim 6, which is characterized in that
The access instruction, which is used to indicate, determines that the file of access is the file destination uploaded.
8. terminal device according to claim 7, which is characterized in that the generation module is specifically also used to:
Generate the payload comprising file destination;
According to the data structure of the payload, authentication code is constructed in the payload and generates target load;Wherein
The authentication code, which is used to indicate, deletes the file destination after the file destination is accessed.
9. terminal device according to claim 4, which is characterized in that the generation module is also used to:
The file destination is named at random.
10. a kind of server, which is characterized in that the server includes: communication module, memory module and processing module;Wherein,
The communication module, for receiving target load and access instruction, the target load is used to indicate upload file destination,
The file destination is deleted after the file destination is accessed;The access instruction is used to indicate the access file destination;
The memory module, for storing the file destination according to the instruction of the target load;
The processing module for accessing the file destination according to the instruction of the access instruction, and is deleted after accessing successfully
Except the file destination;
The processing module is also used to generate feedback information;
The communication module, for sending the feedback information to the terminal device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810805510.4A CN109086608A (en) | 2018-07-20 | 2018-07-20 | A kind of detection file uploads method, terminal device and the server of loophole |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810805510.4A CN109086608A (en) | 2018-07-20 | 2018-07-20 | A kind of detection file uploads method, terminal device and the server of loophole |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109086608A true CN109086608A (en) | 2018-12-25 |
Family
ID=64838384
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810805510.4A Pending CN109086608A (en) | 2018-07-20 | 2018-07-20 | A kind of detection file uploads method, terminal device and the server of loophole |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109086608A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109992967A (en) * | 2019-03-12 | 2019-07-09 | 福建拓尔通软件有限公司 | A kind of method and system for realizing automatic detection file security when file uploads |
CN111046393A (en) * | 2019-12-14 | 2020-04-21 | 深圳市优必选科技股份有限公司 | Vulnerability information uploading method and device, terminal equipment and storage medium |
CN112182583A (en) * | 2020-09-27 | 2021-01-05 | 国网山东省电力公司电力科学研究院 | File uploading vulnerability detection method and system based on WEB application |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281325A (en) * | 2013-06-04 | 2013-09-04 | 北京奇虎科技有限公司 | Method and device for processing file based on cloud security |
US20180075262A1 (en) * | 2016-09-15 | 2018-03-15 | Nuts Holdings, Llc | Nuts |
CN107832617A (en) * | 2017-09-15 | 2018-03-23 | 北京知道未来信息技术有限公司 | A kind of PHP code performs the black box detection method and device of leak |
-
2018
- 2018-07-20 CN CN201810805510.4A patent/CN109086608A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281325A (en) * | 2013-06-04 | 2013-09-04 | 北京奇虎科技有限公司 | Method and device for processing file based on cloud security |
US20180075262A1 (en) * | 2016-09-15 | 2018-03-15 | Nuts Holdings, Llc | Nuts |
CN107832617A (en) * | 2017-09-15 | 2018-03-23 | 北京知道未来信息技术有限公司 | A kind of PHP code performs the black box detection method and device of leak |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109992967A (en) * | 2019-03-12 | 2019-07-09 | 福建拓尔通软件有限公司 | A kind of method and system for realizing automatic detection file security when file uploads |
CN111046393A (en) * | 2019-12-14 | 2020-04-21 | 深圳市优必选科技股份有限公司 | Vulnerability information uploading method and device, terminal equipment and storage medium |
CN112182583A (en) * | 2020-09-27 | 2021-01-05 | 国网山东省电力公司电力科学研究院 | File uploading vulnerability detection method and system based on WEB application |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10243679B2 (en) | Vulnerability detection | |
US20170223043A1 (en) | Determine vulnerability using runtime agent and network sniffer | |
CN103856471B (en) | cross-site scripting attack monitoring system and method | |
US9442783B2 (en) | Methods and systems for providing security for page framing | |
JP2004164617A (en) | Automated detection of cross site scripting vulnerability | |
CN109086608A (en) | A kind of detection file uploads method, terminal device and the server of loophole | |
US20150096036A1 (en) | Security Testing Using Semantic Modeling | |
EP1999609A2 (en) | Client side attack resistant phishing detection | |
CN107733847A (en) | Platform Website login method, apparatus, computer equipment and readable storage medium storing program for executing | |
US20100058479A1 (en) | Method and system for combating malware with keystroke logging functionality | |
CN103001946B (en) | Website security detection method and equipment | |
CN102970282B (en) | website security detection system | |
CN105024986A (en) | Account login method, device and system | |
JP2005182798A (en) | Subscriber identification module (sim) emulator | |
CN109361713A (en) | Internet risk monitoring and control method, apparatus, equipment and storage medium | |
WO2019144548A1 (en) | Security test method, apparatus, computer device and storage medium | |
CN110048932A (en) | Validation checking method, apparatus, equipment and the storage medium of mail Monitoring function | |
CN109067717A (en) | A kind of method and device detecting SQL injection loophole | |
CN112000984A (en) | Data leakage detection method, device, equipment and readable storage medium | |
KR100984639B1 (en) | Automatic security assessment system and its implementation method | |
CN109088872A (en) | Application method, device, electronic equipment and the medium of cloud platform with service life | |
JP5082555B2 (en) | Security inspection model generation device, security inspection model inspection device, and security inspection model generation program | |
CN115828256A (en) | Unauthorized and unauthorized logic vulnerability detection method | |
CN105490993A (en) | Method and apparatus for preventing Cookie tracking in browser | |
CN106302004A (en) | network detecting method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181225 |