Welcome toVigges Developer Community-Open, Learning,Share
Ask a Question
Welcome To Ask or Share your Answers For Others

Categories

Server执行Linux 命令如何避免前端参数攻击?

0 votes
329 views
in Technique[技术] by (71.8m points)

Server执行Linux 命令如何避免前端参数攻击?

Server执行Linux 命令如何避免前端参数攻击?

举例

PHP后端某个Server想要使用linux 某个套件,想要字串转成excel xlsx 档案

$ txtToXlsx '{0}'

前端可以输入

id , name
1    , xxx1
2    , xxx2

Server系统可以自动将字串转换为excel

但我想到假如前端使用者加上 ' ,不就可以自己组合命令

甚至可以攻击、控制Server?

请问我要搜寻什么关键字或是方式才能避免这种攻击呢?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

最好就不要直接使用前端入参,防不胜防.

如果只是 csv 转 xlsx 这个逻辑,php 自己实现就可以


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to Vigges Developer Community for programmer and developer-Open, Learning and Share

Just Browsing Browsing

2.1m questions

2.1m answers

63 comments

56.5k users

Most popular tags

Snow Theme by Q2A Market
Powered by Question2Answer
...