Thesis 107522074: Detailed Record
Name: 陳靖德 (Ching-Te Chen)
Department: Computer Science and Information Engineering
Title: PDE: A Solution to Detect Malicious PHP Scripts
Related Theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-time Rootkit Detection System
★ A Detection and Defense Mechanism for Scam SMS Messages on Android Phones
★ SRA: A System Defending Routers Against Hijacking by ARP Spoofing
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-time Serum System: An Automated Worm Cure System with an Offensive Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
Full text: available for browsing in the system after 2025-6-30.
Abstract: It has been 25 years since PHP (PHP: Hypertext Preprocessor) was created, and it remains one of the most widely used programming languages, especially for web applications. Because it is easy to use, people often write insecure scripts or misconfigure their servers, which lets an attacker plant malicious PHP scripts on the server and then take control of it or steal sensitive data.

This thesis implements a solution called PDE (PHP Defense Extension) that lets PHP identify a potentially malicious script before executing it and refuse to run it.
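The abstract describes the gate only as "identify before executing, then refuse"; the chapter headings below (2.2 Digital Signatures, 4.2 PDE Signer, 4.3 PDE Filter) indicate a signing-based design. The following Python is an added illustration of that kind of gate, not code from the thesis or from PDE: an offline Signer signs every script the operator deploys, and a Filter, standing in for the hook a PHP extension would run before compiling a file, refuses any source that carries no valid signature. It assumes signatures are looked up by the path PHP is about to compile, inlines a textbook RSA signature (unpadded, standard library only, not for production use) so that it runs offline, and uses constructed sample scripts and attack inputs for the Abuse File Upload, Local File Inclusion, Remote File Inclusion and modified-script cases named in the thesis's threat model and experiments.

```python
"""Script-signing gate in the spirit of PDE (added illustration, not the
thesis's code). An offline Signer approves the scripts an operator deploys;
a Filter standing in for the pre-execution hook refuses anything unsigned or
modified, no matter how the source reached the interpreter."""
import hashlib
import random
import secrets

# ---- minimal RSA signature (textbook: no padding; illustration only) ----
# ASSUMPTION: a real deployment would use a vetted library (Ed25519 or
# RSA-PSS); this is inlined only so the example runs with the stdlib.
_SMALL_PRIMES = [p for p in range(3, 1000)
                 if all(p % q for q in range(2, int(p ** 0.5) + 1))]


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division by small primes, then Miller-Rabin."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact length, odd
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 1024):
    """Return (public, private) as (exponent, modulus) tuples."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this means gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def _digest(content: bytes) -> int:
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign_script(private_key, content: bytes) -> int:
    """Signer side: runs offline on the machine that holds the private key."""
    d, n = private_key
    return pow(_digest(content), d, n)


def verify_script(public_key, content: bytes, signature: int) -> bool:
    """Filter side: needs only the public key, so disclosing it (e.g. through
    an LFI read of the key file) gives an attacker nothing to forge with."""
    e, n = public_key
    return pow(signature, e, n) == _digest(content)


REFUSE, EXECUTE = "refuse", "execute"


class PDEFilter:
    """Stand-in for the hook PHP would call before compiling a file.
    ASSUMPTION: signatures are keyed by the resolved path being compiled."""

    def __init__(self, public_key, signatures: dict):
        self.public_key = public_key
        self.signatures = signatures        # path -> signature from the Signer

    def check(self, path: str, content: bytes) -> tuple:
        signature = self.signatures.get(path)
        if signature is None:
            return REFUSE, "no signature on record for " + path
        if not verify_script(self.public_key, content, signature):
            return REFUSE, "contents of " + path + " do not match their signature"
        return EXECUTE, "signature valid"


def run_demo() -> dict:
    """Constructed site plus threat-model cases; returns label -> decision."""
    public_key, private_key = generate_keypair(1024)
    deployed = {                            # scripts the operator approved (constructed)
        "/var/www/html/index.php": b"<?php echo 'hello'; ?>",
        "/var/www/html/upload.php": b"<?php move_uploaded_file($_FILES['f']['tmp_name'],"
                                    b" 'uploads/' . basename($_FILES['f']['name'])); ?>",
    }
    signatures = {path: sign_script(private_key, src) for path, src in deployed.items()}
    gate = PDEFilter(public_key, signatures)

    webshell = b"<?php system($_GET['c']); ?>"          # constructed attacker payload
    attempts = [
        ("deployed script", "/var/www/html/index.php", deployed["/var/www/html/index.php"]),
        # Abuse File Upload: a GIF header satisfies extension/MIME sniffing, but nobody signed it.
        ("abuse file upload", "/var/www/html/uploads/avatar.php", b"GIF89a" + webshell),
        # Local File Inclusion: PHP planted in a log line, then included by a vulnerable script.
        ("local file inclusion", "/var/log/nginx/access.log",
         b'10.0.0.7 - - "GET / HTTP/1.1" 200 "' + webshell + b'"'),
        # Remote File Inclusion: source fetched from an attacker-controlled URL.
        ("remote file inclusion", "http://attacker.example/shell.txt", webshell),
        # Modified site script: a backdoor appended to an approved file breaks its signature.
        ("modified deployed script", "/var/www/html/index.php",
         deployed["/var/www/html/index.php"] + webshell),
        # Source arriving through a stream wrapper rather than a deployed file.
        ("php://input stream", "php://input", webshell),
    ]
    return {label: gate.check(path, src)[0] for label, path, src in attempts}


if __name__ == "__main__":
    for label, decision in run_demo().items():
        print(f"{decision:8} {label}")
```

The point the cases make is that the gate never has to classify the payload: a GIF header, a log line, a remote URL or an appended backdoor all fail for the same reason, the absence of a valid signature over exactly the bytes about to be compiled, so the checks in related work (extension, MIME type, re-encoding the upload) become unnecessary for this class of attack. Using an asymmetric signature rather than an HMAC or a plain hash allowlist matters because the web worker then holds nothing secret: an attacker who can read arbitrary files (the LFI case) can copy the public key and the signature store without gaining the ability to approve a script. The caveat a practitioner should keep in mind is that a gate of this kind only governs source that PHP loads as a file or stream; an approved script that itself evaluates attacker-controlled strings, or a vulnerability that needs no new PHP source at all, is outside its reach.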
Keywords
★ PHP
★ Abuse File Upload
★ File Upload Vulnerability
★ Local File Inclusion
★ Remote Code Evaluation (Remote Code Execution)
Table of Contents
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1  Introduction
Chapter 2  Background
  2.1 PHP: Hypertext Preprocessor
    2.1.1 PHP
    2.1.2 Zend Opcache
    2.1.3 Extension
    2.1.4 PHP-FPM
  2.2 Digital Signatures
  2.3 Threat Model
    2.3.1 Abuse File Upload
    2.3.2 Local File Inclusion
    2.3.3 Remote File Inclusion
    2.3.4 CVE-2019-11043
Chapter 3  Related Work
  3.1 Handling Uploaded Files
    3.1.1 Checking the File Extension
    3.1.2 Checking the MIME Type
    3.1.3 Re-processing the File
  3.2 SELinux or AppArmor
  3.3 Static Analysis
  3.4 PharUtil
  3.5 Signing PowerShell Scripts
Chapter 4  System Design and Implementation
  4.1 System Layout
  4.2 PDE Signer
  4.3 PDE Filter
  4.4 Compilation and Installation
Chapter 5  Experimental Results and Analysis
  5.1 Verification of Results
    5.1.1 Abuse File Upload
    5.1.2 Local File Inclusion
    5.1.3 Remote File Inclusion
    5.1.4 Laravel
    5.1.5 CVE-2019-11043
    5.1.6 Modifying the Site's Existing Scripts
  5.2 Performance Analysis
Chapter 6  Discussion
  6.1 Limitations
  6.2 Future Work
Chapter 7  Conclusion
References
References
[1] The PHP Group. (1995). "The PHP interpreter," [Online]. Available: https://github.com/php/php-src (visited on 07/13/2020).
[2] Facebook. (2011). "A virtual machine for executing programs written in Hack," [Online]. Available: https://github.com/facebook/hhvm (visited on 07/13/2020).
[3] P. Bissonette. (2015). "Lockdown results and HHVM performance," [Online]. Available: https://hhvm.com/blog/9293/lockdown-results-and-hhvm-performance (visited on 07/13/2020).
[4] SpaceX. (2018). "Simultaneous landing of two side boosters of the Falcon Heavy rocket." File: Falcon Heavy Side Boosters landing on LZ1 and LZ2 - 2018 (25254688767).jpg, [Online]. Available: https://commons.wikimedia.org/wiki/File:Falcon_Heavy_Side_Boosters_landing_on_LZ1_and_LZ2_-_2018_(25254688767).jpg (visited on 06/23/2020).
[5] The PHP Group. (2018). "PHP RFC: Deprecations for PHP 7.4," [Online]. Available: https://wiki.php.net/rfc/deprecations_php_7_4#allow_url_include (visited on 07/21/2020).
[6] 周峻佑. (2019). "PHP hit by another remote code execution vulnerability, affecting Nginx web servers," [Online]. Available: https://www.ithome.com.tw/news/133904 (visited on 07/04/2020).
[7] neex. (2019). "phuip-fpizdam - exploit for CVE-2019-11043," [Online]. Available: https://github.com/neex/phuip-fpizdam (visited on 07/04/2020).
[8] O. Tsai. (2019). "An analysis and thought about recently PHP-FPM RCE (CVE-2019-11043)," [Online]. Available: https://blog.orange.tw/2019/10/an-analysis-and-thought-about-recently.html (visited on 07/04/2020).
[9] LoRexxar' @ Knownsec 404 Team. (2019). "Analysis of the PHP-FPM remote code execution vulnerability (CVE-2019-11043)," [Online]. Available: https://paper.seebug.org/1063/ (visited on 07/04/2020).
[10] OWASP. (2020). "Unrestricted file upload," [Online]. Available: https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload (visited on 07/08/2020).
[11] theMiddle. (2018). "AppArmor: Say goodbye to remote command execution," [Online]. Available: https://www.secjuice.com/apparmor-say-goodbye-to-remote-command-execution/ (visited on 07/08/2020).
[12] J. Huang, Y. Li, J. Zhang, and R. Dai, "UChecker: Automatically detecting PHP-based unrestricted file upload vulnerabilities," in 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2019, pp. 581–592.
[13] koto. (2012). "phar-util - security-oriented utilities for PHAR archives," [Online]. Available: https://github.com/koto/phar-util (visited on 07/08/2020).
[14] Microsoft. (2020). "PowerShell documentation," [Online]. Available: https://docs.microsoft.com/zh-tw/powershell/ (visited on 07/20/2020).
[15] Microsoft. (2018). "About Signing - PowerShell | Microsoft Docs," [Online]. Available: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_signing?view=powershell-7 (visited on 07/20/2020).
[16] Warren. (2020). "Signing PowerShell scripts," [Online]. Available: https://dev.to/wozzo/signing-powershell-scripts-5al7 (visited on 07/20/2020).
Advisor: 許富皓 (Fu-Hau Hsu)
Review date: 2020-7-23
For questions about this thesis, contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.