{"id":49934,"date":"2025-07-30T20:37:11","date_gmt":"2025-07-30T12:37:11","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/49934.html"},"modified":"2025-07-30T20:37:11","modified_gmt":"2025-07-30T12:37:11","slug":"wstg-v4-2%e8%a7%a3%e8%af%bb%e4%b9%8b-wstg-info-02-web%e6%9c%8d%e5%8a%a1%e5%99%a8%e6%8c%87%e7%ba%b9%e8%af%86%e5%88%ab","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/49934.html","title":{"rendered":"WSTG v4.2\u89e3\u8bfb\u4e4b--WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b"},"content":{"rendered":"<\/p>\n<h4>\u6587\u7ae0\u76ee\u5f55<\/h4>\n<ul>\n<li>\n<ul>\n<li>1. \u7ae0\u8282\u5b9a\u4f4d<\/li>\n<li>2. \u6d4b\u8bd5\u539f\u7406<\/li>\n<li>3. \u6d4b\u8bd5\u65b9\u6cd5<\/li>\n<li>\n<ul>\n<li>3.1 \u624b\u52a8\u68c0\u6d4b&#xff08;BurpSuite\u6f14\u793a&#xff09;<\/li>\n<li>3.2 \u81ea\u52a8\u5316\u5de5\u5177<\/li>\n<\/ul>\n<\/li>\n<li>4. \u4fee\u590d\u5efa\u8bae<\/li>\n<li>\n<ul>\n<li>4.1 \u5f00\u53d1\u5c42\u9762<\/li>\n<li>4.2 \u8fd0\u7ef4\u5c42\u9762<\/li>\n<li>4.3 \u6301\u7eed\u7ef4\u62a4<\/li>\n<\/ul>\n<\/li>\n<li>5. \u8fdb\u9636\u8d44\u6e90<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>1. \u7ae0\u8282\u5b9a\u4f4d<\/h3>\n<p>\u5bf9\u5e94OWASP TOP 10&#xff1a;A05:2021-\u5b89\u5168\u914d\u7f6e\u9519\u8bef \u672c\u6d4b\u8bd5\u5c5e\u4e8e\u4fe1\u606f\u6536\u96c6\u9636\u6bb5&#xff0c;\u901a\u8fc7\u8bc6\u522b\u670d\u52a1\u5668\u7c7b\u578b\/\u7248\u672c&#xff08;\u5982Apache 2.4.41\u3001Nginx 1.17.3&#xff09;&#xff0c;\u66b4\u9732\u672a\u4fee\u590d\u7684\u5df2\u77e5\u6f0f\u6d1e&#xff08;\u5982CVE-2021-41773&#xff09;\u3002\u636e\u7edf\u8ba1&#xff0c;32%\u7684Web\u653b\u51fb\u5229\u7528\u670d\u52a1\u5668\u7248\u672c\u6f0f\u6d1e&#xff0c;2023\u5e74\u66dd\u5149\u7684CVE-2023-25690&#xff08;Apache HTTP Server\u6f0f\u6d1e&#xff09;\u5373\u4f9d\u8d56\u6b64\u4fe1\u606f\u3002<\/p>\n<h3>2. 
\u6d4b\u8bd5\u539f\u7406<\/h3>\n<p>  #mermaid-svg-1Eg1GK9o9MUob03K {font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}#mermaid-svg-1Eg1GK9o9MUob03K .error-icon{fill:#552222;}#mermaid-svg-1Eg1GK9o9MUob03K .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-1Eg1GK9o9MUob03K .edge-thickness-normal{stroke-width:2px;}#mermaid-svg-1Eg1GK9o9MUob03K .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-1Eg1GK9o9MUob03K .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-1Eg1GK9o9MUob03K .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-1Eg1GK9o9MUob03K .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-1Eg1GK9o9MUob03K .marker{fill:#333333;stroke:#333333;}#mermaid-svg-1Eg1GK9o9MUob03K .marker.cross{stroke:#333333;}#mermaid-svg-1Eg1GK9o9MUob03K svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-1Eg1GK9o9MUob03K .label{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;color:#333;}#mermaid-svg-1Eg1GK9o9MUob03K .cluster-label text{fill:#333;}#mermaid-svg-1Eg1GK9o9MUob03K .cluster-label span{color:#333;}#mermaid-svg-1Eg1GK9o9MUob03K .label text,#mermaid-svg-1Eg1GK9o9MUob03K span{fill:#333;color:#333;}#mermaid-svg-1Eg1GK9o9MUob03K .node rect,#mermaid-svg-1Eg1GK9o9MUob03K .node circle,#mermaid-svg-1Eg1GK9o9MUob03K .node ellipse,#mermaid-svg-1Eg1GK9o9MUob03K .node polygon,#mermaid-svg-1Eg1GK9o9MUob03K .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-1Eg1GK9o9MUob03K .node .label{text-align:center;}#mermaid-svg-1Eg1GK9o9MUob03K .node.clickable{cursor:pointer;}#mermaid-svg-1Eg1GK9o9MUob03K .arrowheadPath{fill:#333333;}#mermaid-svg-1Eg1GK9o9MUob03K .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-1Eg1GK9o9MUob03K .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-1Eg1GK9o9MUob03K .edgeLabel{background-color:#e8e8e8;text-align:center;}#mermaid-svg-1Eg1GK9o9MUob03K .edgeLabel 
rect{opacity:0.5;background-color:#e8e8e8;fill:#e8e8e8;}#mermaid-svg-1Eg1GK9o9MUob03K .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-1Eg1GK9o9MUob03K .cluster text{fill:#333;}#mermaid-svg-1Eg1GK9o9MUob03K .cluster span{color:#333;}#mermaid-svg-1Eg1GK9o9MUob03K div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-1Eg1GK9o9MUob03K :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>         <span id=\"L-L-A-B\" class=\"edgeLabel L-LS-A&#039; L-LE-B\"><\/span><\/p>\n<p>         <span id=\"L-L-B-C\" class=\"edgeLabel L-LS-B&#039; L-LE-C\"><\/span><\/p>\n<p>         <span id=\"L-L-B-D\" class=\"edgeLabel L-LS-B&#039; L-LE-D\"><\/span><\/p>\n<p>         <span id=\"L-L-B-E\" class=\"edgeLabel L-LS-B&#039; L-LE-E\"><\/span><\/p>\n<p>         <span id=\"L-L-C-F\" class=\"edgeLabel L-LS-C&#039; L-LE-F\"><\/span><\/p>\n<p>         <span id=\"L-L-D-F\" class=\"edgeLabel L-LS-D&#039; L-LE-F\"><\/span><\/p>\n<p>         <span id=\"L-L-E-F\" class=\"edgeLabel L-LS-E&#039; L-LE-F\"><\/span><\/p>\n<p>         <span id=\"L-L-F-G\" class=\"edgeLabel L-LS-F&#039; L-LE-G\"><\/span><\/p>\n<p>          \u53d1\u9001\u63a2\u6d4b\u8bf7\u6c42<\/p>\n<p>          \u670d\u52a1\u5668\u54cd\u5e94\u5206\u6790<\/p>\n<p>          \u54cd\u5e94\u5934\u5b57\u6bb5\u987a\u5e8f<\/p>\n<p>          \u9519\u8bef\u9875\u9762\u7279\u5f81<\/p>\n<p>          \u534f\u8bae\u884c\u4e3a\u5dee\u5f02<\/p>\n<p>          \u5339\u914d\u6307\u7eb9\u6570\u636e\u5e93<\/p>\n<p>          
\u8bc6\u522b\u670d\u52a1\u5668\u7c7b\u578b\/\u7248\u672c<\/p>\n<ul>\n<li>\u88ab\u52a8\u8bc6\u522b&#xff1a;\u5206\u6790\u6b63\u5e38\u54cd\u5e94\u7684Server\u5934\u3001X-Powered-By\u5b57\u6bb5<\/li>\n<li>\u4e3b\u52a8\u63a2\u6d4b&#xff1a;\u901a\u8fc7\u7578\u5f62\u8bf7\u6c42&#xff08;\u5982GET \/ HTTP\/3.0&#xff09;\u89e6\u53d1\u9ed8\u8ba4\u9519\u8bef\u9875<\/li>\n<li>\u534f\u8bae\u7279\u6027&#xff1a;\u4e0d\u540c\u670d\u52a1\u5668\u5bf9OPTIONS\u3001TRACE\u7b49\u65b9\u6cd5\u7684\u652f\u6301\u5dee\u5f02<\/li>\n<\/ul>\n<h3>3. \u6d4b\u8bd5\u65b9\u6cd5<\/h3>\n<h4>3.1 \u624b\u52a8\u68c0\u6d4b&#xff08;BurpSuite\u6f14\u793a&#xff09;<\/h4>\n<ol>\n<li>\n<p>\u57fa\u7840\u65d7\u6807\u6293\u53d6&#xff1a;<\/p>\n<p> <span class=\"token function\">curl<\/span> -I https:\/\/target.com<\/p>\n<p>![BurpSuite\u54cd\u5e94\u5934\u622a\u56fe\u4f4d\u7f6e&#xff1a;Proxy-&gt;HTTP history-&gt;Response headers] \u91cd\u70b9\u68c0\u67e5Server\u3001X-Powered-By\u5b57\u6bb5<\/p>\n<\/li>\n<li>\n<p>\u7578\u5f62\u8bf7\u6c42\u89e6\u53d1&#xff1a; \u5728Burp Repeater\u4e2d\u53d1\u9001&#xff1a;<\/p>\n<p> GET \/?param&#061;&lt;&gt; HTTP\/1.1<br \/>\nHost: target.com<\/p>\n<p>\u89c2\u5bdf\u9519\u8bef\u9875HTML\u7ed3\u6784&#xff08;\u5982Nginx\u7684&lt;center&gt;\u6807\u7b7e&#xff09;<\/p>\n<\/li>\n<\/ol>\n<h4>3.2 \u81ea\u52a8\u5316\u5de5\u5177<\/h4>\n<table>\n<thead>\n<tr>\n<th>\u5de5\u5177<\/th>\n<th>\u547d\u4ee4\u793a\u4f8b<\/th>\n<th>\u5173\u952e\u8f93\u51fa<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Nmap<\/td>\n<td>nmap -p 443 --script http-server-fingerprint target.com<\/td>\n<td>\u5339\u914dSSL\/TLS\u6808\u7279\u5f81<\/td>\n<\/tr>\n<tr>\n<td>Nikto<\/td>\n<td>nikto -h target.com<\/td>\n<td>\u8bc6\u522bServer\u5934\u4e0e\u5df2\u77e5\u6f0f\u6d1e\u5173\u8054<\/td>\n<\/tr>\n<tr>\n<td>WhatWeb<\/td>\n<td>whatweb -v target.com<\/td>\n<td>\u5206\u6790Cookie\u547d\u540d\u89c4\u5219\u7b49200&#043;\u7279\u5f81<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>4. 
\u4fee\u590d\u5efa\u8bae<\/h3>\n<h4>4.1 \u5f00\u53d1\u5c42\u9762<\/h4>\n<p># Apache \u914d\u7f6e\u793a\u4f8b (httpd.conf)<br \/>\n# \u4ec5\u663e\u793a&#034;Apache&#034;<br \/>\nServerTokens Prod<br \/>\nServerSignature Off<br \/>\nHeader unset X-Powered-By<\/p>\n<h4>4.2 \u8fd0\u7ef4\u5c42\u9762<\/h4>\n<ul>\n<li>\n<p>\u53cd\u5411\u4ee3\u7406\u914d\u7f6e&#xff08;Nginx\u793a\u4f8b&#xff09;&#xff1a;<\/p>\n<p> server {<br \/>\n  proxy_hide_header Server;<br \/>\n  add_header Server &#034;Corporate_Web&#034;;<br \/>\n}<\/p>\n<\/li>\n<li>\n<p>WAF\u89c4\u5219&#xff1a;\u5728ModSecurity\u4e2d\u542f\u7528SecServerSignature &#034;Custom&#034;<\/p>\n<\/li>\n<\/ul>\n<h4>4.3 \u6301\u7eed\u7ef4\u62a4<\/h4>\n<ul>\n<li>\n<p>\u5efa\u7acb\u8865\u4e01\u65e5\u5386\u76d1\u63a7&#xff1a;<\/p>\n<p> <span class=\"token comment\"># Ubuntu\u81ea\u52a8\u66f4\u65b0\u68c0\u67e5<\/span><br \/>\n<span class=\"token function\">apt<\/span> list --upgradable <span class=\"token operator\">|<\/span> <span class=\"token function\">grep<\/span> <span class=\"token string\">&#039;apache2\\\\|nginx&#039;<\/span><\/p>\n<\/li>\n<\/ul>\n<h3>5. 
\u8fdb\u9636\u8d44\u6e90<\/h3>\n<li>\n<p>CVE-2022-31813 Apache HTTP Server\u8def\u5f84\u904d\u5386\u6f0f\u6d1e&#xff08;\u5f71\u54cd2.4.53\u524d\u7248\u672c&#xff09;&#xff0c;\u901a\u8fc7Server\u5934\u8bc6\u522b\u6613\u53d7\u653b\u51fb\u4e3b\u673a<\/p>\n<\/li>\n<li>\n<p>CVE-2023-25690 Apache mod_proxy HTTP\u4ee3\u7406\u6a21\u5757&#xff08;\u9700\u786e\u8ba4\u7248\u672c\u22642.4.55&#xff09;&#xff0c;\u6f0f\u6d1e\u5206\u6790<\/p>\n<\/li>\n<li>\n<p>CVE-2023-38646 Nginx\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e&#xff08;\u5f71\u54cd1.25.1\u524d\u7248\u672c&#xff09;&#xff0c;PoC\u4ee3\u7801<\/p>\n<\/li>\n","protected":false},"excerpt":{"rendered":"<p>\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb1k\u6b21\uff0c\u70b9\u8d5e20\u6b21\uff0c\u6536\u85cf30\u6b21\u3002\u6458\u8981\uff1a \u672c\u6587\u9488\u5bf9OWASP TOP 10\u4e2d\u7684\u5b89\u5168\u914d\u7f6e\u9519\u8bef\uff08A05:2021\uff09\uff0c\u8be6\u7ec6\u4ecb\u7ecd\u4e86Web\u670d\u52a1\u5668\u7248\u672c\u8bc6\u522b\u7684\u6d4b\u8bd5\u65b9\u6cd5\u3002\u901a\u8fc7\u5206\u6790\u54cd\u5e94\u5934\u3001\u9519\u8bef\u9875\u9762\u7b49\u7279\u5f81\uff0832%\u7684Web\u653b\u51fb\u5229\u7528\u6b64\u7c7b\u6f0f\u6d1e\uff09\uff0c\u7ed3\u5408BurpSuite\u624b\u52a8\u63a2\u6d4b\u548cNmap\u3001Nikto\u7b49\u81ea\u52a8\u5316\u5de5\u5177\uff0c\u53ef\u7cbe\u51c6\u8bc6\u522b\u670d\u52a1\u5668\u7c7b\u578b\/\u7248\u672c\uff08\u5982Apache 2.4.41\uff09\u3002\u4fee\u590d\u5efa\u8bae\u5305\u62ec\u914d\u7f6e\u9690\u85cf\u670d\u52a1\u5668\u4fe1\u606f\uff08\u5982ServerTokens 
Prod\uff09\u3001\u4f7f\u7528\u53cd\u5411\u4ee3\u7406\u5c4f\u853d\u654f\u611f\u5934\u3001\u5efa\u7acb\u8865\u4e01\u7ba1\u7406\u673a\u5236\u7b49\u3002\u6587\u4e2d\u7279\u522b\u63d0\u53caCVE-2023-25690\u7b49\u5173\u952e\u6f0f\u6d1e\uff0c\u5f3a\u8c03\u7248\u672c\u8bc6\u522b\u7684\u5b89\u5168\u4ef7\u503c\u3002\u6d4b\u8bd5\u539f\u7406<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[275,4855,4856],"topic":[],"class_list":["post-49934","post","type-post","status-publish","format-standard","hentry","category-server","tag-web","tag-wstg","tag-wstg-4-2"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WSTG v4.2\u89e3\u8bfb\u4e4b-WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/49934.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WSTG v4.2\u89e3\u8bfb\u4e4b-WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb1k\u6b21\uff0c\u70b9\u8d5e20\u6b21\uff0c\u6536\u85cf30\u6b21\u3002\u6458\u8981\uff1a \u672c\u6587\u9488\u5bf9OWASP TOP 
10\u4e2d\u7684\u5b89\u5168\u914d\u7f6e\u9519\u8bef\uff08A05:2021\uff09\uff0c\u8be6\u7ec6\u4ecb\u7ecd\u4e86Web\u670d\u52a1\u5668\u7248\u672c\u8bc6\u522b\u7684\u6d4b\u8bd5\u65b9\u6cd5\u3002\u901a\u8fc7\u5206\u6790\u54cd\u5e94\u5934\u3001\u9519\u8bef\u9875\u9762\u7b49\u7279\u5f81\uff0832%\u7684Web\u653b\u51fb\u5229\u7528\u6b64\u7c7b\u6f0f\u6d1e\uff09\uff0c\u7ed3\u5408BurpSuite\u624b\u52a8\u63a2\u6d4b\u548cNmap\u3001Nikto\u7b49\u81ea\u52a8\u5316\u5de5\u5177\uff0c\u53ef\u7cbe\u51c6\u8bc6\u522b\u670d\u52a1\u5668\u7c7b\u578b\/\u7248\u672c\uff08\u5982Apache 2.4.41\uff09\u3002\u4fee\u590d\u5efa\u8bae\u5305\u62ec\u914d\u7f6e\u9690\u85cf\u670d\u52a1\u5668\u4fe1\u606f\uff08\u5982ServerTokens Prod\uff09\u3001\u4f7f\u7528\u53cd\u5411\u4ee3\u7406\u5c4f\u853d\u654f\u611f\u5934\u3001\u5efa\u7acb\u8865\u4e01\u7ba1\u7406\u673a\u5236\u7b49\u3002\u6587\u4e2d\u7279\u522b\u63d0\u53caCVE-2023-25690\u7b49\u5173\u952e\u6f0f\u6d1e\uff0c\u5f3a\u8c03\u7248\u672c\u8bc6\u522b\u7684\u5b89\u5168\u4ef7\u503c\u3002\u6d4b\u8bd5\u539f\u7406\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/49934.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-30T12:37:11+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/49934.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/49934.html\",\"name\":\"WSTG v4.2\u89e3\u8bfb\u4e4b-WSTG-INFO-02 
Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2025-07-30T12:37:11+00:00\",\"dateModified\":\"2025-07-30T12:37:11+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/49934.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/49934.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/49934.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WSTG v4.2\u89e3\u8bfb\u4e4b--WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WSTG v4.2\u89e3\u8bfb\u4e4b-WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/49934.html","og_locale":"zh_CN","og_type":"article","og_title":"WSTG v4.2\u89e3\u8bfb\u4e4b-WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb1k\u6b21\uff0c\u70b9\u8d5e20\u6b21\uff0c\u6536\u85cf30\u6b21\u3002\u6458\u8981\uff1a \u672c\u6587\u9488\u5bf9OWASP TOP 10\u4e2d\u7684\u5b89\u5168\u914d\u7f6e\u9519\u8bef\uff08A05:2021\uff09\uff0c\u8be6\u7ec6\u4ecb\u7ecd\u4e86Web\u670d\u52a1\u5668\u7248\u672c\u8bc6\u522b\u7684\u6d4b\u8bd5\u65b9\u6cd5\u3002\u901a\u8fc7\u5206\u6790\u54cd\u5e94\u5934\u3001\u9519\u8bef\u9875\u9762\u7b49\u7279\u5f81\uff0832%\u7684Web\u653b\u51fb\u5229\u7528\u6b64\u7c7b\u6f0f\u6d1e\uff09\uff0c\u7ed3\u5408BurpSuite\u624b\u52a8\u63a2\u6d4b\u548cNmap\u3001Nikto\u7b49\u81ea\u52a8\u5316\u5de5\u5177\uff0c\u53ef\u7cbe\u51c6\u8bc6\u522b\u670d\u52a1\u5668\u7c7b\u578b\/\u7248\u672c\uff08\u5982Apache 
2.4.41\uff09\u3002\u4fee\u590d\u5efa\u8bae\u5305\u62ec\u914d\u7f6e\u9690\u85cf\u670d\u52a1\u5668\u4fe1\u606f\uff08\u5982ServerTokens Prod\uff09\u3001\u4f7f\u7528\u53cd\u5411\u4ee3\u7406\u5c4f\u853d\u654f\u611f\u5934\u3001\u5efa\u7acb\u8865\u4e01\u7ba1\u7406\u673a\u5236\u7b49\u3002\u6587\u4e2d\u7279\u522b\u63d0\u53caCVE-2023-25690\u7b49\u5173\u952e\u6f0f\u6d1e\uff0c\u5f3a\u8c03\u7248\u672c\u8bc6\u522b\u7684\u5b89\u5168\u4ef7\u503c\u3002\u6d4b\u8bd5\u539f\u7406","og_url":"https:\/\/www.wsisp.com\/helps\/49934.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2025-07-30T12:37:11+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"3 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/49934.html","url":"https:\/\/www.wsisp.com\/helps\/49934.html","name":"WSTG v4.2\u89e3\u8bfb\u4e4b-WSTG-INFO-02 Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2025-07-30T12:37:11+00:00","dateModified":"2025-07-30T12:37:11+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/49934.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/49934.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/49934.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"WSTG v4.2\u89e3\u8bfb\u4e4b--WSTG-INFO-02 
Web\u670d\u52a1\u5668\u6307\u7eb9\u8bc6\u522b"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/49934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=49934"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/49934\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=49934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=49934"},{"taxonomy":"post_tag","embeddable":true,"href":"
https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=49934"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=49934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}