04 basic introduction: web source code expansion


1. Function of web source code

Source code is used to audit for code vulnerabilities and to find information that gives a way in.

Example: after obtaining the source code of an ASP application, you can use the default database download as a way in. If you obtain source code written in another script type, you can audit the code, dig for vulnerabilities, or analyze its business logic. In short, obtaining the source code provides more ideas for later security testing.

2. About the directory structure of web source code

Typical items: database configuration file, backend (admin) directory, template directory, database directory, etc.
index.php: the script type is determined from the file suffix
admin: website backend (admin) path
data: data-related directory
install: installation directory
member: member directory
template: template directory (related to the overall architecture of the website)
data => config.php: database configuration file. It holds the communication information between the website and the database, including the connection account and password. With it you can connect to the other party’s database and get from the database the administrator account and password used by the website's source code.

3. About the script type of web source code

Security issues of source code written in ASP, PHP, ASPX, JSP, JavaWeb and other script types

4. About web source code vulnerabilities:

The function of the source code determines the type of vulnerability (e.g. e-commerce and transaction information).

If a framework is used, look for vulnerabilities in the framework; if no framework is used, look for vulnerabilities in the code (code audit).

Relevant ways to obtain source code: a scanning tool detects backup files; CMS identification obtains the CMS name, and the source is then downloaded from the Internet, rookie source code, search, Xianyu, Taobao, third-party source-code sites, and various industry peers.
Different application types (social networking, forums, portals, third parties, blogs and others) have different code mechanisms and correspondingly different vulnerabilities.
Source code is either open source or non-open source, and either framework or non-framework.

Open source:
Go online to find articles about its vulnerabilities. Look for known vulnerabilities directly or audit the code (this applies when the application can be identified through CMS identification).
When the source code cannot be found or the other party's CMS name is unknown, fall back to conventional penetration testing and judge with scanning tools.

On CMS identification and follow-up
After getting the other party's source code or determining the application type of the website, decide which vulnerabilities to focus on.

• portal: comprehensive vulnerabilities
• e-commerce: business logic vulnerabilities
• forum: XSS vulnerability
• blog: fewer vulnerabilities
• third party: determined by function


5. CMS identification:

CMS stands for “content management system”. Content management systems are the new favorite of enterprise information construction and e-government.
Elements of CMS:
○ document template
○ scripting language or markup language
○ integration with database
CMS identification:
Online tools:

6. Examples:

Pay attention to the application classification and script type, and estimate the likely vulnerabilities of the source code (frameworks are the exception: for a framework, look directly for the framework's vulnerabilities). After obtaining the source code, you can run a local security test (manually scanning with tools, without touching the code) or a code audit, or analyze how its directories work (database backups, .bak files, etc.).
If the source code has not been obtained yet, obtain it by the various methods described earlier.

For example, xycms program is built. After downloading the source code, it is in its directory
Visit the same location and download the file

Then access the backend (admin) directory:

You don’t have to analyze the types of vulnerabilities yourself. You can also download and scan for vulnerabilities yourself.

7. CMS file MD5:

CMS fingerprint identification dictionary download
Each file corresponds to an MD5 value.
If the MD5 value of the file at the corresponding path is the same, the value in the middle of the entry is the CMS type.
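
As an added example (not code from the original page or from any CMS identification tool), the matching described above can be run against a site you have installed locally to see which unmodified static files give away the CMS. The `path|cms|md5` line layout, the names `examplecms` and `othercms`, and all file contents are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def parse_fingerprints(text: str):
    """Parse 'path|cms|md5' lines (assumed layout); skip blanks, comments, bad rows."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != 3:
            continue
        path, cms, digest = (p.strip() for p in parts)
        digest = digest.lower()  # dictionaries may store upper-case hex
        if path.startswith("/") and cms and MD5_RE.match(digest):
            entries.append((path, cms, digest))
    return entries

def identify(files: dict, fingerprints):
    """Return {cms: [paths]} for files whose MD5 equals the dictionary value."""
    hits = defaultdict(list)
    for path, cms, digest in fingerprints:
        body = files.get(path)
        if body is not None and md5_hex(body) == digest:
            hits[cms].append(path)
    return dict(hits)

# Constructed stand-in for the static files of a locally installed test site.
SAMPLE_FILES = {
    "/images/logo.gif": b"GIF89a constructed examplecms logo",
    "/css/admin.css": b"body{margin:0} /* locally edited */",
    "/robots.txt": b"User-agent: *\nDisallow: /admin/\n",
}

# Constructed dictionary; hashes are computed here so the sample is self-consistent.
SAMPLE_DICT = "\n".join([
    "# path|cms|md5",
    "/images/logo.gif|examplecms|" + md5_hex(SAMPLE_FILES["/images/logo.gif"]).upper(),
    "/css/admin.css|examplecms|" + md5_hex(b"body{margin:0} /* stock */"),  # edited locally: no match
    "/static/app.js|othercms|" + md5_hex(b"constructed"),  # path not present
    "broken line without fields",
])

if __name__ == "__main__":
    for cms, paths in identify(SAMPLE_FILES, parse_fingerprints(SAMPLE_DICT)).items():
        print(cms, "identified by", paths)
```

A file that matches is one worth replacing or modifying on your own deployment, since an edited file (like `/css/admin.css` here) no longer matches its dictionary hash.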