
A bypass attack is an attack in which a hacker uses some technical means (a vulnerability or a design flaw) to get around a system's security measures, successfully enters the system and obtains sensitive information.
In Web applications, URL vulnerabilities are exploited with special-string bypass attacks to achieve page redirection.
Take file integrity check bypass as an example: to stay compatible with older versions, a certain product checks the version number before verifying integrity, and when the version number is lower than a specific version (one that does not support signatures) it skips the verification process. Attackers exploit this behaviour by modifying the software version number to bypass verification.
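The version-gated integrity check described above, next to a fail-closed variant, as an added example that is not from the original article or from any product. HMAC stands in for a real signature scheme, and the key, the version threshold, the function names and the sample packages are all constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: stand-in for the vendor signing key
MIN_SIGNED_VERSION = (2, 0)     # hypothetical first version that supports signatures

def sign(version, payload):
    # The tag covers the version as well as the payload, so neither can be edited alone.
    msg = ("%d.%d|" % version).encode() + payload
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def verify_legacy_compatible(pkg):
    """Flawed flow from the text: the self-declared version decides whether to verify."""
    if pkg["version"] < MIN_SIGNED_VERSION:
        return True  # verification skipped for "old" packages
    return hmac.compare_digest(pkg.get("sig") or "", sign(pkg["version"], pkg["payload"]))

def verify_hardened(pkg, installed_version):
    """Fail closed: no unsigned path, no downgrade, signature always checked."""
    if pkg["version"] < MIN_SIGNED_VERSION:
        return False  # unsigned legacy packages are refused, not waved through
    if pkg["version"] < installed_version:
        return False  # rollback to an older release is refused
    return hmac.compare_digest(pkg.get("sig") or "", sign(pkg["version"], pkg["payload"]))

# Constructed sample packages.
GENUINE = {"version": (2, 1), "payload": b"release", "sig": sign((2, 1), b"release")}
RELABELLED = {"version": (1, 9), "payload": b"modified", "sig": None}
EDITED = dict(GENUINE, payload=b"modified")

if __name__ == "__main__":
    for name, pkg in (("genuine", GENUINE), ("relabelled", RELABELLED), ("edited", EDITED)):
        print(name, verify_legacy_compatible(pkg), verify_hardened(pkg, (2, 0)))
```

The flawed check accepts the relabelled package because the field that selects the verification path is itself unauthenticated; the hardened check removes the unsigned path and compares against the installed version instead.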

This article was reposted by 数字化转型网 (www.szhzxw.cn) from an online source; edited/translated by 默然 of 数字化转型网.



