Method and system for detection of remote file inclusion vulnerabilities

Invention Grant

US08239952B1 Method and system for detection of remote file inclusion vulnerabilities 有权

Title translation: 用于检测远程文件夹入漏洞的方法和系统

Please log in to see more content

Patent Title: Method and system for detection of remote file inclusion vulnerabilities
Patent Title (中): 用于检测远程文件夹入漏洞的方法和系统
Application No.: US12024935

Application Date: 2008-02-01
Publication No.: US08239952B1

Publication Date: 2012-08-07
Inventor: Brett Oliphant , Ben Tyler , Gabriel Richard Pack , Brett Hardin
Applicant: Brett Oliphant , Ben Tyler , Gabriel Richard Pack , Brett Hardin
Applicant Address: US CA Santa Clara
Assignee: McAfee, Inc.
Current Assignee: McAfee, Inc.
Current Assignee Address: US CA Santa Clara
Agency: Wong, Cabello, Lutsch, Rutherford & Brucculeri LLP
Main IPC: G06F11/36
IPC: G06F11/36 ; G06F12/14 ; G08B23/00

Method and system for detection of remote file inclusion vulnerabilities

Abstract:

A method for detecting remote file inclusion vulnerabilities in a web application includes altering of extracted resource references from a web application, submission of altered references as HTTP requests to the web application, inspection of corresponding HTTP responses, and diagnosis of vulnerability. A system of invention implements the method.

Abstract(Chinese):

用于检测web应用中的远程文件夹入漏洞的方法包括：从Web应用中改变提取的资源引用，将改变的引用作为HTTP请求提交给web应用，检查相应的HTTP响应以及对脆弱性的诊断。一种发明的系统实现该方法。

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F11/00	错误检测；错误校正；监控（在记录载体上作出核对其正确性的方法或装置入G06K5/00；基于记录载体和传感器之间的相对运动而实现的信息存储中所用的方法或装置入G11B，例如G11B20/18；静态存储中所用的方法或装置入G11C29/00）
G06F11/36	.通过软件的测试或调试防止错误