Question

我在使用IBM Appscan的终端网站上进行了测试,并退回了大量与破产搜索组有关的错误。此处摘录其中的一处错误:

    [13 of 37] Parameter Value Overflow
Severity: High
Test Type: Application Invasive
Vulnerable URL: http://[my-web-address]/contact
CVE ID(s): N/A
CWE ID(s): 120
Remediation Tasks: Limit the length of input fields to avoid buffer overflow
Variant 1 of 5 [ID=97491]
The following changes were applied to the original request:
• Set parameter  form_build_id s value to
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAA...
**Request/Response:**
This request/response contains binary content, which is not included in generated
reports.
**Validation In Response:**
N/A
**Reasoning:**
The test caused the server to stop responding (an erroneous response was returned, such as cut
connection or time out). The original request was then resent and also failed, confirming that the
server had stopped responding.

Appreciate any pointers on what needs to be done, thanks.

Answer 1

如果你使用英文以外的形式投入语言,则最好使用<条码>mb_substr()功能,该功能保全了诸如<条码>、ù等奇怪特性(几乎如基略解决方案)和<条码>filter_var(功能),该功能使标签和选择性脱光或编码特殊特性得以保护,使其免受不同类型的注射攻击。

$form_build_id = mb_substr(filter_var($_GET[ form_build_id ],FILTER_SANITIZE_STRING), 0, 100);

Here are the mb_substr() details and here filter_var() details. Note that mb_substr() requires PHP version 4.0.6 or higher and filter_var() function requires PHP version 5.2 or higher.

Answer 2

<代码>form_build_id输入是Droupal s Form AP的一种内部识别符号。 http://api.drupal.org/api/drupal/includes! 它应当是一个基-64编码的沙-256赫, +改为——、/或——和任何 = 消除的婚外特性。

在缓冲溢流发生之前,形成改变功能可能无法触动。因此,在<代码>drupal_build_form()中,有好像样的样子。

  [...]
  $check_cache = isset($form_state[ input ][ form_id ]) && $form_state[ input ][ form_id ] == $form_id && !empty($form_state[ input ][ form_build_id ]);
  if ($check_cache) {
    $form_build_id = drupal_substr(filter_var($form_state[ input ][ form_build_id ],FILTER_SANITIZE_STRING), 0, 100); 
    $form = form_get_cache($form_build_id, $form_state);
  }
  [...]

但最好在上报告,将其作为一个安全问题,在Droupal.org上提交,并在那里提交你的答复。这将是审议你的问题和确定问题的最佳场所。

友情链接