Author: 陳靖德
Author (English): Ching-Te Chen
Title (English): PDE: A Solution to Detect Malicious PHP Scripts
Advisor: 許富皓
Degree: Master
Institution: National Central University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Year of publication: 2020
Academic year of graduation: 108
Language: Chinese
Number of pages: 55
Keywords: PHP; Abuse File Upload; File Upload Vulnerability; Local File Inclusion; Remote Code Evaluation
Abstract:
It has been 25 years since PHP (PHP: Hypertext Preprocessor) was invented, and it is still one of the most widely used programming languages, especially for web applications. Because of its ease of use, however, people often write insecure scripts or use incorrect configurations, which lets attackers inject malicious PHP scripts into a server and then take control of the server or steal sensitive data.

This thesis implements a solution named PDE (PHP Defense Extension) that lets PHP recognise a potentially malicious script before it is executed and refuse to run it.
Table of contents:
Abstract (Chinese) ... i
Abstract ... ii
Acknowledgements ... iii
Table of Contents ... iv
List of Figures ... vi
List of Tables ... viii
Chapter 1 Introduction ... 1
Chapter 2 Background ... 2
2.1 PHP: Hypertext Preprocessor ... 2
2.1.1 PHP ... 3
2.1.2 Zend Opcache ... 3
2.1.3 Extension ... 3
2.1.4 PHP-FPM ... 4
2.2 Digital Signatures ... 5
2.3 Threat Model ... 8
2.3.1 Abuse File Upload ... 8
2.3.2 Local File Inclusion ... 12
2.3.3 Remote File Inclusion ... 13
2.3.4 CVE-2019-11043 ... 13
Chapter 3 Related Work ... 17
3.1 Handling Uploaded Files ... 17
3.1.1 Checking the File Extension ... 17
3.1.2 Checking the MIME Type ... 17
3.1.3 Re-processing the File ... 18
3.2 SELinux or AppArmor ... 18
3.3 Static Analysis ... 18
3.4 PharUtil ... 19
3.5 Signing PowerShell Scripts ... 19
Chapter 4 System Design and Implementation ... 20
4.1 System Layout ... 20
4.2 PDE Signer ... 26
4.3 PDE Filter ... 27
4.4 Compilation and Installation ... 27
Chapter 5 Experimental Results and Analysis ... 29
5.1 Result Verification ... 29
5.1.1 Abuse File Upload ... 29
5.1.2 Local File Inclusion ... 30
5.1.3 Remote File Inclusion ... 30
5.1.4 Laravel ... 30
5.1.5 CVE-2019-11043 ... 32
5.1.6 Modifying the Website's Existing Scripts ... 34
5.2 Performance Analysis ... 34
Chapter 6 Discussion ... 38
6.1 Limitations ... 38
6.2 Future Work ... 38
Chapter 7 Conclusion ... 40
References ... 41
Electronic full text (public internet release date: 20250630)