Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

More documents

Recommendations

Info

42 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ ÑÏÅÖ 02-07Ñõåìà ðàáîòû mod_rewrite÷åðåç ïàðàìåòð id. Òî åñòü ðåàëüíûé URL äëÿ ïðîñìîòðàíîâîñòè ïîä íîìåðîì 1 áóäåò âûãëÿäåòü òàê:http://www.òâîé_ñåðâåð.ru/news.php?id=1×òîáû õàêåð íå âèäåë ýòîãî, äåëàåì ñëåäóþùóþìàñêèðîâêó:RewriteRule ^news_([0-9]*).htmnews.php?id=$1Òåïåðü äëÿ ïðîñìîòðà íîâîñòè íåîáõîäèìî áóäåòíàáðàòü â URL:http://www.òâîé_ñåðâåð.ru/news_1.htmlÂ ñàìîì íà÷àëå ñòîèò ñèìâîë êðûøè. Íåò, ýòîíå áàíäèòû, êîòîðûå áóäóò ïðåäîñòàâëÿòü íàì êðûøó,ýòî òàêîé ñèìâîë (^), îáîçíà÷àþùèé íà÷àëîñòðîêè :). Ïîñëå ýòîãî èäåò òåêñòîâàÿ ñòàòè÷åñêàÿ÷àñòü (news_), êîòîðàÿ áóäåò âûäåëÿòü øàáëîí èçìàññû äðóãèõ. Âåäü íà ñàéòå ìîãóò áûòü åùåè ñòàòüè, è ôîðóì, è åùå ìíîãî ÷åãî èíòåðåñíîãî.Çàòåì â ñêîáî÷êàõ óêàçûâàåì øàáëîí òîãî, ÷òî ìîæåòáûòü â ýòîì ìåñòå URL-àäðåñà. Òàê êàê èäåíòèôèêàòîðíîâîñòè — ýòî ÷èñëî, òî øàáëîí âûãëÿäèòòàê: [0-9] — ëþáûå ñèìâîëû îò íóëÿ äî äåâÿòè, ïîñëåñòîèò çâåçäî÷êà, êîòîðàÿ ãîâîðèò, ÷òî öèôð ìîæåòáûòü íåñêîëüêî. Ïîñëå øàáëîíà ñíîâà èäåò ñòàòè÷åñêàÿ÷àñòü:news.php?id=$1 — âî ×òî íóæíî ïðåâðàòèòüâèðòóàëüíûé àäðåñ, $1 — ñîîòâåòñòâóåòçíà÷åíèþ, âûðåçàííîìó ïî ïåðâîìóøàáëîíó (ó íàñ îí åäèíñòâåííûé)Áëàãîäàðÿ øàáëîíó óáèâàåì äâóõ çàéöåâ, è åùå îäíîãîðàçðûâàåì â êëî÷üÿ :). Ïåðâûé çàÿö çàêëþ÷àåòñÿâ òîì, ÷òî ìû ïðÿ÷åì ðåàëüíûé PHP-ñöåíàðèé.Âòîðîé çàÿö — ýòî òî, ÷òî õàêåð íå âèäèò èìÿ ïàðàìåòðà.Íó, à òðåòèé çàÿö, êîòîðîãî ïðîñòî ïîðâàëî— ýòî òî, ÷òî õàêåð íå ñìîæåò ïåðåäàòü ñöåíàðèþíè÷åãî, êðîìå ÷èñåë. Øàáëîí [0-9] âûðåçàåòëþáûå áóêâû è ñèìâîëû, à çíà÷èò, èíúåêöèÿ ñòàíîâèòñÿíåâîçìîæíîé.Íî åñëè õàêåð âû÷èñëèò ðåàëüíûé ñöåíàðèé èåãî ïàðàìåòð, òî ìû íå òî ÷òî çàéöåâ íå óáüåì, ìûäàæå ìóõó íå èñïóãàåì! Îáðàòèâøèñü ê news.phpíàïðÿìóþ, õàêåð îáõîäèò âñå ïðàâèëà mod_rewrite.×òîáû õàêåð íå ñìîã îáðàòèòüñÿ ê ôèçè÷åñêèìôàéëàì íà ñåðâåðå, ìîæíî âûïîëíèòü îäíî èçñëåäóþùèõ óñëîâèé:1 ÇÀÏÐÅÒÈÒÜ ÏÐßÌÎÉ ÄÎÑÒÓÏ ÊPHP-ÑÖÅÍÀÐÈßÌ, ×ÒÎÁÛ ÕÀÊÅÐÓÏÐÈØËÎÑÜ ÈÑÏÎËÜÇÎÂÀÒÜ ÂÈÐÒÓÀËÜ-ÍÓÞ ÏÛËÜ, ÊÎÒÎÐÓÞ ÌÛ ÍÀÏÓÑÒÈËÈ.2 ÍÈÊÎÃÄÀ ÍÅ ÍÀÇÛÂÀÒÜ ÑÖÅÍÀÐÈÈÏÎÍßÒÍÛÌÈ ÈÌÅÍÀÌÈ.Ãëàâíàÿ ñòðàíèöà íèêîãäà íå äîëæíà èìåòü èìÿ index.phpèëè main.php, íàçîâè åå ëó÷øå enter_to_my_private.phpèëè åùå ïîçàáîðèñòåé. Çà íîâîñòè íå äîëæåíîòâå÷àòü ñöåíàðèé news.php, åãî ëó÷øå íàçâàòümy_99545_news.php. Òà æå ïåñíÿ è ñ ïàðàìåòðàìè— çàáóäü ïðî id, sid, index, start, page è ò.ä. È,êîíå÷íî æå, íà mod_rewrite íàäåéñÿ, à ñàì íå ïëîøàé.Ïðîâåðÿé âñå â ñöåíàðèè ñîáñòâåííîðó÷íî,÷òîáû ïðåäîòâðàòèòü àòàêè. Ýòî, êàê ãîâîðèòñÿ, áåçêîììåíòàðèåâ è äîëæíî âûïîëíÿòüñÿ âíå çàâèñèìîñòèîò óñòàíîâëåííûõ äîïîëíèòåëüíûõ ñðåäñòâêîíòðàöåïöèè.Âûøå ìû ðàññìîòðåëè ïðîñòîé ïðèìåð ñ íîâîñòÿìè,êîãäà ÷åðåç ïàðàìåòðû ïåðåäàåòñÿ ÷èñëî.À ÷òî åñëè íóæíî ïåðåäàâàòü ñòðîêó? Äà áåç ïðîáëåì,ïðîñòî ïèøåøü ñëåäóþùèé øàáëîí:RewriteRule ^news_([a-z0-9]*).htmnews.php?id=$1Ýòîò øàáëîí ïîçâîëÿåò ïåðåäàâàòü íå òîëüêî ÷èñëà,íî è áóêâû îò a äî z. Ýòî òîæå íå îïàñíî, ãëàâíîå— íå ðàçðåøàòü èñïîëüçîâàòü ñèìâîëû îäèíàðíîéêàâû÷êè, çàïÿòûå, òèðå è ò.ï. Áóêâû è öèôðûíå íåñóò â ñåáå òàêîé îïàñíîñòè, êàê ñèìâîëû.èòîãî. Ïðè ïðàâèëüíîì êîíôèãóðèðîâàíèè ñåðâåðàè ñ ïîìîùüþ äîïîëíèòåëüíûõ ìîäóëåé ìîæíîçàùèòèòüñÿ äàæå îò óæàñíûõ ñöåíàðèåâ, êîòîðûåïðîñòî êèøàò îøèáêàìè SQL Injection èëè XSS. Åñëèñåðâåð âñå æå âçëîìàëè, òî âèíîâàò íå òîëüêî ïðîãðàììèñò,íî è àäìèíèñòðàòîð.Ñ äðóãîé ñòîðîíû, ïðîãðàììèñò íå äîëæåííàäåÿòüñÿ íà àäìèíà, ÷òî òîò íàñòðîèò ñåðâåð ìàêñèìàëüíîáåçîïàñíî. À àäìèíèñòðàòîð, â ñâîþ î÷åðåäü,íå äîëæåí óïîâàòü íà êîä è íà òî, ÷òî ïðîãðàììèñòíå ñîâåðøèò îøèáîê.www.modsecurity.orgìîäóëü mod_securityhttp://httpd.apache.org/docs/1.3/mod/mod_rewrite.htmlìîäóëü mod_rewriteÏîëó÷èâ òàêîé âèðòóàëüíûé URL, ìîäóëü mod_rewriteïðåîáðàçóåò åãî â ðåàëüíûé http://www.òâîé_ñåðâåð.ru/news.php?id=1è êîððåêòíî âûïîëíèò.Ïîñìîòðèì, êàê ìû äîáèëèñü òàêîãî ñ÷àñòüÿ,ðàçîáðàâ äèðåêòèâó ïî ÷àñòÿì:— REWRITERULEÍÀ×ÀËÎ ÏÐÀÂÈËÀ.— NEWS_([0-9]*).HTMØÀÁËÎÍ, ÎÏÐÅÄÅËßÞÙÈÉ, ÊÀÊ ÁÓÄÅÒÂÛÃËßÄÅÒÜ URL ÄËß ÏÎËÜÇÎÂÀÒÅËß.Èíôîðìàöèÿ ïî mod_rewrite
1 ÌÅÑÒÎ 2 ÌÅÑÒÎ 3 ÌÅÑÒÎÖÈÔÐÎÂÎÉÔÎÒÎÀÏÏÀÐÀÒSAMSUNG NV-7??ÊÎÍÊÓÐÑ ÄËß ×ÈÒÀÒÅËÅÉ ÑÏÅÖÀ!ÌÛ ÏÐÎÂÎÄÈÌ ÊÎÍÊÓÐÑ ÍÀ ËÓ×ØÓÞ ÑÒÀÒÜÞ ÎÒ ÍÀØÈÕ ×ÈÒÀÒÅËÅÉ! ÒÛ ÎÒËÈ×ÍÎ ÐÀÇÁÈ-ÐÀÅØÜÑß Â ÑÎÂÐÅÌÅÍÍÛÕ ÈÍÔÎÐÌÀÖÈÎÍÍÛÕ ÒÅÕÍÎËÎÃÈßÕ? ÄËß ÒÅÁß ÍÅÒ ÑÅÊÐÅÒÎÂÂ ÏÐÎÃÐÀÌÌÈÐÎÂÀÍÈÈ? ÌÎÆÅØÜ ÑÄÅËÀÒÜ ÊÐÓÒÅÉØÈÉ ÂÅÁ-ÑÀÉÒ ÄÀÆÅ Â ÁËÎÊÍÎÒÅ,ÍÀÄÅÆÍÎ ÇÀÙÈÒÈØÜ ÎÒ ÂÒÎÐÆÅÍÈß ÑÅÒÜ ËÞÁÎÃÎ ÐÀÇÌÅÐÀ? ÇÍÀÅØÜ ×ÒÎ-ÒÎ ÒÀÊÎÅ,×ÒÎ ÁÓÄÅÒ ÈÍÒÅÐÅÑÍÎ ÄÐÓÃÈÌ, È ÈÙÅØÜ ÑÏÎÑÎÁ ÏÎÄÅËÈÒÜÑß ÈÍÔÎÐÌÀÖÈÅÉ? ÒÎÃÄÀÒÛ ÏÐÈØÅË ÏÎ ÀÄÐÅÑÓ! ÍÀÏÈØÈ ÑÒÀÒÜÞ ÍÀ ÒÓ ÒÅÌÓ, ÊÎÒÎÐÀß ÒÅÁÅ ÍÀÈÁÎËÅÅ ÁËÈÇÊÀ,Â ÊÎÒÎÐÎÉ ÒÛ ÐÀÇÁÈÐÀÅØÜÑß ËÓ×ØÅ ÂÑÅÕ È ÏÐÈØËÈ ÅÅ ÍÀÌ.Ñëåäè çà ïóáëèêóåìûìè ñïèñêàìè ïîáåäèòåëåé.Ëó÷øèå àâòîðû ïîëó÷àò öåííûå öèôðîâûå ïðèçûîò æóðíàëà «ÑÏÅÖ» è íàøèõ ïàðòíåðîâ!ÓÑËÎÂÈß Ó×ÀÑÒÈßÂ ÊÎÍÊÓÐÑÅ:Â êîíêóðñå áóäóò ó÷àñòâîâàòü ñòàòüè, ïðèñëàííûå äî 1 èþëÿ 2007 ãîäà. Ñòàòüè äîëæíûñîîòâåòñòâîâàòü òåìàòèêå æóðíàëà. Îáúåì ñòàòüè äîëæåí áûòü íå ìåíåå 9 òûñÿ÷ çíàêîâ(ñ ïðîáåëàìè). Ñòàòüÿ äîëæíà âêëþ÷àòü â ñåáÿ èëëþñòðàöèè (êàðòèíêè, ôîòîãðàôèè,ñêðèíøîòû).Êðèòåðèÿìè îöåíêè áóäóò âûñòóïàòü: òåõíè÷åñêàÿ ãðàìîòíîñòü, èíòåðåñíîñòü è íåîáû÷íîñòü,ïîëåçíîñòü, ëèòåðàòóðíàÿ ãðàìîòíîñòü, ñòèëü íàïèñàíèÿ è ëåãêîñòü ÷òåíèÿ ìàòåðèàëà.ÏÐÈÇÛ:Òðåòüå ìåñòî: öèôðîâàé ôîòîêàìåðà Samsung NV-7 c 7-ìåãàïèêñåëüíûì ðàçðåøåíèåìè 7-êðàòíûì çóì-îáúåêòèâîì Schneider-Kreuznach. Âñå ýòî ñîáðàíî âîåäèíî â ëåãêîìè ñòèëüíîì êîðïóñå èç ÷åðíîãî àëþìèíèåãî ñïëàâà, êîòîðûé íàäåæíî çàùèòèò àïïàðàòîò ñëó÷àéíûõ ñòîëêíîâåíèé ñ òâåðäûìè ïðåäìåòàìè.Ìû õîòèì, ÷òîáû òû äåéñòâèòåëüíî ïîñòàðàëñÿ, âûëîæèëñÿ íà âñå ñòî. Ïîýòîìó, ÷òîáûïîäñòåãíóòü òâîå ðâåíèå è çàèíòðèãîâàòü òåáÿ, èíôîðìàöèþ î ïðèçàõ çà 1-îå è 2-îå ìåñòàìû áóäåì äåðæàòü â ñåêðåòå.
Page 1: 02(75)ÔÅÂÐÀËÜ 2007ÅÆÅÌÅ
Page 4 and 5: ÅÆÅÌÅÑß×ÍÛÉÒÅÌÀÒÈ
Page 6 and 7: timeline2000{çàðîæäåíèå}
Page 8: 06 /37 ÃËÎÁÀËÜÍÀß ÝÏÈ
Page 11 and 12: 9æåò âûïîëíÿòü íåñê
Page 13 and 14: 11ñåðâåðå åñòü òàáë
Page 15 and 16: 13Ïîïðîáóåì âñàäèòü
Page 17 and 18: ÝÍÖÈÊËÎÏÅÄÈßGamePostÎ
Page 19 and 20: 17ÝÊÑÏËÎÉÒÀ ÏÎÄ ÊÀÊ
Page 21 and 22: 19çíà÷åíèå èìååò $var1
Page 23 and 24: VERSUS4,3 KENTSFIELD SLINVIDIA Ge
Page 25 and 26: 23ïðèòîíûèíòåðíåòà
Page 27 and 28: 255 /5BugTraq.Ruwww.bugtraq.ru3,5 /
Page 29 and 30: 27Òàáëèöà 1Òàáëèöà 2
Page 31 and 32: 29abstract class Decorator extends
Page 33 and 34: 31PHPÑîçäàâ òàêîé ôàé
Page 36 and 37: 34 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 38 and 39: 36 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 40: 38 /67 ÎØÈÁÊÈÌÎËÎÄÎÑÒ
Page 43: 41ÁÛÒÜ ÎÁÐÀÙÅÍÈß Ê Ô
Page 47 and 48: 45ïðîèçâîäèì ïðîâåð
Page 49 and 50: 47CyD NET Utilswww.cydsoft.comshare
Page 52 and 53: 50 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 54 and 55: 52 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 56: 54 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 59 and 60: 57Q: Êàê îò SQL injection è X
Page 61 and 62: æå ëþäÿì, ïðîñòî îð
Page 63 and 64: http://www.gameland.ru/ Dark Fall:
Page 65 and 66: 63Íó è, íàêîíåö, Perl î
Page 67 and 68: 65Íåñêîëüêî ñëîâ î Ne
Page 69 and 70: 67http://dm9.ru/cgi-bin/perltest/sc
Page 71 and 72: 69î ïîäëîãå. Îïÿòü æ
Page 73 and 74: 71ñåíêó ïîä íîìåðîì
Page 75 and 76: 73ÊÀÊÈÅ ÑÏÎÑÎÁÛ ÁÎÐ
Page 77: {IT}Ñ ÌÀÐÒÀÂÑÅ ÁÓÄÅÒ
Page 82 and 83: 80 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07È
Page 84 and 85: 82 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ï
Page 86 and 87: 84 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07è
Page 88 and 89: 86 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ì
Page 90 and 91: 88 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ã
Page 92: 90 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ò
Page 95 and 96:
93DEEPNESS IN THE SKYby MFXAETHERby
Page 97 and 98:
îáùåíèÿ äèñêóññèè.
Page 99 and 100:
Vista Manager 1.0.3winxp-manager.co
Page 101 and 102:
MSI MEGABOOKS430($1199) 6 áàëë
Page 103 and 104:
MSI MEGABOOKS430($1199) 6 áàëë
Page 105 and 106:
2Àíäðåé Êàðàìíîââå
Page 107 and 108:
105 |ìÿ îíëàéí, æäåò â
Page 109 and 110:
Ðûêîâ áûë óâåðåí: î
Page 111 and 112:
ìîæíîãî çàêëàäûâàí
Page 113 and 114:
Õâàëþ. Íàì áû ñ âàìè
Page 115:
Думаешь, что посмот
show all

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

Create successful ePaper yourself

Delete template?

Save as template?

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online