Web開発者と情報セキュリティの入門者が必ず知っておくべきWebハッキング&セキュアコーディング
crehacktive
情報セキュリティ入門者とWeb開発者のためのWebハッキング入門講義!今回の講義をはじめ、Webハッキングを楽しく始めましょう!
Basic
Penetration Testing, Injection
File Upload Vulnerability Advanced Attack Techniques PART2 [Integrated Edition]
The ultimate web hacking! File upload vulnerability attack technique! Part 2 of the 'Part 1' education follows Part 1 and covers more advanced techniques.
What you will learn!
Understanding the Java File Upload Library
Potential security threat to Java file upload library
Understanding Web Firewalls
Web Firewall Bypass Technology
Understanding different environments
Webshell Upload Attack Methods in Various Environments
Something you can't hear anywhere else
I included it in the lecture!
There are many avenues for learning web hacking today. Whether it's online courses like Inflearn, offline academies, or search engines, most of the common avenues tend to focus on general information. However, this course is different. We pride ourselves on offering content you won't find anywhere else !
File Upload Vulnerability Attack Part 2-1
Check out the learning content!
Upload verification logic is known to be safe, but is it really safe?
The source code below is known to be safe from file upload vulnerabilities. So, is it really safe?
...
String path = request.getRealPath( "/upload" );
MultipartRequest multi = new MultipartRequest (request, path, 1024 * 10 * 10 , "UTF-8" );
Enumeration formNames = multi.getFileNames();
while (formNames.hasMoreElements()) {
String param = (String)formNames.nextElement();
String uploadFile = multi.getFilesystemName(param);
int extOffset = uploadFile.lastIndexOf( "." );
String fileExt = uploadFile.substring(extOffset+ 1 ).toLowerCase();
if (!fileExt.equals( "jpg" ) && !fileExt.equals( "png" ) && !fileExt.equals( "gif" )) {
File fp = new File (path, uploadFile);
fp.delete();
out.println(“ <script>alert(‘잘못된 확장자’);history.back(-1);</script> ");
return;
}
}
... No, the source code is 'vulnerable' .
Why this code is vulnerable and how to exploit it are covered in detail in Part 2-1 of the lecture.
Want to know more? 📚
Understanding Cases by File Upload Library
We analyze each file upload library, covering potential security threats and various case scenarios.
File Upload Vulnerability Attack Part 2-2
Check out the learning content!
Web Firewall Bypass Techniques Case Study
Learn about various web firewall bypass techniques and practice using these attack techniques.
File Upload Vulnerability Attack Part 2-3
Check out the learning content!
This article details the directory parsing vulnerability found in JEUS and WebSphere, examining why it poses a threat today and the attack methodology behind it. (IBM WebSphere CVE-2020-4163)
Let's take a closer look at various other environments and cases.
Recommended for
these people
Who is this course right for?
Practitioners who perform simulated hacking or vulnerability diagnostics in the field
job seeker
Need to know before starting?
web technology
Web Hacking Basics
File Download Vulnerability Knowledge
File Upload Vulnerability Knowledge
26,251
Learners
1,398
Reviews
502
Answers
4.9
Rating
18
Courses
안녕하세요, 크리핵티브입니다.
다년간 다양한 웹 서비스를 진단하고 연구한 경험을 바탕으로, 실무에 바로 적용 가능한 지식을 인프런 플랫폼에서 공유해오고 있습니다.
그리고 웹 해킹 기초를 체계적으로 다룬 『크리핵티브의 한 권으로 끝내는 웹 해킹 바이블』을 집필했습니다. 기초가 부족한 분들께는 이 책으로 학습을 시작하실 것을 권합니다.
『크리핵티브의 한 권으로 끝내는 웹 해킹 바이블』 저자
이메일 : crehacktive3@naver.com
Curriculum
All
72 lectures ∙ (6hr 10min)
Course Materials:
Lecture resources
Published:
Last updated:
Reviews
All
7 reviews
4.9
7 reviews
hskim0001Reviews 4
∙
Average Rating 5.0
- sonasup3719
Reviews 7
∙
Average Rating 4.3
- sj331
Reviews 3
∙
Average Rating 5.0
- jeonghyeonjang6559
Reviews 3
∙
Average Rating 5.0
- hopefordream
Reviews 17
∙
Average Rating 4.8
$84.70
crehacktive's other courses
Check out other courses by the instructor!
Similar courses
Explore other courses in the same field!
