Method, system and apparatus for defending bypassing of file uploading verification, and medium

A file upload verification technology, applied in the field of server security, that addresses the hazard uploaded files pose to a server and its data, and achieves accurate detection, higher security, and a reduced possibility of harm from file upload vulnerabilities.

Active Publication Date: 2019-02-12
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

And when this asp file contains malicious content, it will cause harm to the server and the data stored on the server during execution.

Examples


Embodiment 1

[0073] Referring to Figure 1, which is a flow chart of a method for defending against file upload verification bypass provided by an embodiment of this application, the method specifically includes the following steps:

[0074] S101: Extract the file name of the file to be uploaded, excluding the suffix, from the file upload request;

[0075] This step obtains the file name of the file to be uploaded without its suffix; the part removed is the part that the prior art would recognize as the suffix. Taking the file xxxxx.txt as an example, the file name obtained in this step is "xxxxx", and the part identified as the suffix, .txt, is removed.

[0076] The file name is included in the file upload HTTP request as part of the feature information of the file to be uploaded, and the upload verification mechanism extracts the file name from a preset position in the HTTP request. HTTP requests formed based on different specific protocols may contain different...

Embodiment 2

[0096] Referring to Figure 2, which is a flow chart of another method for defending against file upload verification bypass provided by an embodiment of this application. Unlike Embodiment 1, this embodiment uses S202 and S203 to implement the first method mentioned in S102 of detecting whether the file name contains a suffix string identical to the target suffix string, and S204 provides a specific strategy for rejecting the upload operation. The specific steps are:

[0097] S201: Extract the file name of the file to be uploaded except the suffix from the file upload request;

[0098] S202: Split the file name by using the suffix identifier in the file name to obtain each suffix character string;

[0099] Still taking xxxx.jpg;.txt as an example, there are two suffix identifiers (“.”), which are used as separators to obtain two different suffix strings: “jpg;” and “txt”.

[0100] Normally, when there are interfering characters such as...

Embodiment 3

[0108] Referring to Figure 3, which is a flow chart of a method for obtaining suffix character strings by splitting on the suffix identifier, as used in the method for defending against file upload verification bypass provided by an embodiment of this application. This embodiment provides a specific implementation of S202, and the remaining steps are unchanged. It specifically includes the following steps:

[0109] S301: Append an end mark at the end of the file name;

[0110] Taking xxxx.jpg;.txt as an example, the end mark is appended after txt.

[0111] S302: Starting from the end mark, search toward the front of the file name character by character for the file suffix identifier, and attach a suffix identification mark to each file suffix identifier found;

[0112] The suffix identifier is "."; that is, starting from the end mark of the file name, this step checks character by character whether each character is ".", and attaches a suffix identification mark to each "....
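The splitting and matching steps of Embodiments 2 and 3, as an added Python sketch that is not code from the patent: it scans backward from an end mark, marks each ".", and rejects the upload if any suffix string (the last one included) equals a target, with a last-suffix-only check alongside for contrast. The target suffix set, the list of interfering characters and their handling, and the end-mark value are assumptions made for illustration.

```python
# Added illustration; not code from the patent.
TARGET_SUFFIXES = {"asp", "php", "jsp"}  # assumed target suffix strings
INTERFERING = ";: \t\x00"                # assumed interfering characters
END_MARK = "\uffff"                      # assumed end-mark value (S301)


def suffix_strings(filename):
    """S301/S302: append an end mark, scan backward, mark each '.'."""
    marked = filename + END_MARK
    # Indexes of every '.', collected right to left starting before the end mark.
    marks = [i for i in range(len(marked) - 2, -1, -1) if marked[i] == "."]
    parts, end = [], len(marked) - 1     # 'end' starts at the end mark
    for i in marks:                      # slice the text between marks
        parts.append(marked[i + 1:end])
        end = i
    return parts[::-1]                   # back to left-to-right order


def normalize(suffix):
    """Lowercase and cut at the first interfering character (assumption)."""
    for pos, ch in enumerate(suffix):
        if ch in INTERFERING:
            return suffix[:pos].lower()
    return suffix.lower()


def check_upload(filename, targets=TARGET_SUFFIXES):
    """Return (allowed, hits): reject if any suffix string is a target."""
    hits = [s for s in map(normalize, suffix_strings(filename)) if s in targets]
    return (not hits, hits)


def last_suffix_only(filename, targets=TARGET_SUFFIXES):
    """Prior-art style check for contrast: looks at the final suffix only."""
    return filename.rsplit(".", 1)[-1].lower() not in targets


if __name__ == "__main__":
    # Constructed sample names, not taken from any real request.
    for name in ["xxxx.jpg;.txt", "report.asp;.jpg", "notes.ASP", "photo.jpg"]:
        print(name, suffix_strings(name), check_upload(name),
              last_suffix_only(name))
```

Under this rule a benign name such as archive.php.notes.txt is also refused, since every suffix string is compared and not just the last.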


Abstract

The invention discloses a method for defending against bypassing of file upload verification. The method comprises the following steps: when upload verification is performed on a file to be uploaded, first obtaining the file name with the suffix removed, detecting whether the file name contains a suffix character string identical to a target suffix character string, and refusing the upload of the file when such a suffix character string is found. Unlike the prior art, which performs upload verification only on the last suffix, the method disclosed by the invention also detects suffix character strings hidden in the file name, so that a plurality of existing bypassing manners can be detected accurately and effectively, the method is applicable to the ways in which multiple kinds of server management software parse files, and the possibility of a file upload vulnerability jeopardizing a server and the data in the server can be greatly reduced, so that the security is higher. The invention further discloses a system and apparatus for defending against bypassing of file upload verification, and a computer readable storage medium, which have the above beneficial effects.

Description

Technical field

[0001] The present application relates to the technical field of server security, and in particular to a method, system, device and computer-readable storage medium for defending against file upload verification bypass.

Background technique

[0002] As web applications become more and more abundant, web servers have gradually become the main attack target due to their powerful computing power, processing performance and high value. Security incidents such as SQL injection (inserting SQL commands into web form submissions or into the query strings of domain name or page requests, ultimately tricking the server into executing malicious SQL commands), Webshell (a script attack tool for Web intrusion) attacks and web page Trojans occur frequently. Enterprises and other users generally use firewalls built on the data link layer, network layer, and transport layer as the first line of defense of the security system, but due to various practical problems, the ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/102, H04L63/1416, H04L63/1491, H04L67/06
Inventor: 梁满
Owner: SANGFOR TECH INC