PDE: A Solution to Detect Malicious PHP Scripts

NCUIR > College of Electrical Engineering & Computer Science > Graduate Institute of Computer Science and Information Engineering > Electronic Thesis & Dissertation > Item 987654321/83971

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/83971

Title:	PDE: A Solution to Detect Malicious PHP Scripts
Authors:	陳靖德;Chen, Ching-Te
Contributors:	資訊工程學系
Keywords:	PHP;濫用檔案上傳;檔案上傳漏洞;本地文件包含漏洞;遠端程式碼執行;PHP;Abuse File Upload;File Upload Vulnerability;Local File Inclusion;Remote Code Evaluation
Date:	2020-07-23
Issue Date:	2020-09-02 17:48:15 (UTC+8)
Publisher:	國立中央大學
Abstract:	從 PHP（PHP: Hypertext Preprocessor）被發明至今已經 25 年了，現在還是人們廣為使用的程式語言之一，特別是在 Web 應用服務上。但因為它的易使用性，人們常常寫出不安全的腳本（Script），或是使用錯誤的配置，導致伺服器被注入惡意的 PHP 腳本，進而取得伺服器的控制權，或是盜取機敏資料。此篇論文實作一套解決方案，名為 PDE（PHP Defense Extension），讓 PHP 在執行腳本前，能夠辨識出可能是惡意的腳本，並拒絕執行。;It has been 25 years since PHP (PHP: Hypertext Preprocessor) was invented, and it is still one of the widely used programming languages, especially in web applications. But because of its ease of use, people often write insecure scripts, or use the wrong configuration, resulting in a server being injected with malicious PHP scripts, and then gaining control of the server, or stealing confidential information. This paper implements a solution called PDE (PHP Defense Extension), which allows PHP to identify a potentially malicious script before executing the script and refuses to execute it.
Appears in Collections:	[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	111	View/Open

社群 sharing

Loading...