Analysis Of PHPBB Security Vulnerability And The Research Of Advanced Evasion Technique

In daily life, people often browse the Internet forums, which has been referred to as an electronic bulletin board (Bulletin Board System), when the user registration, you can enjoy the release of information, sharing of information, communicate with each other and other services. Currently, online forums have been developed into a platform for users to use it for information exchange and sharing. The one which commonly used in online forums is PHPBB software which uses the popular PHP programming language. It has now become the most widely used open source forum software. With the widespread use of PHPBB forum software, and its security is also more and more attention, at the same time, more and more Advanced Evasion Technique has been known. Therefore, it is particularly important for the forum software to solve security analysis and security issues.In the network security background which described in the above context, This article focuses on the principle and background of target vulnerabilities, attack code feature and analyze and summarize attack signatures under the advanced evasion technique. At the end of this article, based on current Advanced Evasion Technique proposed the strategy improvements of security and defense of intrusion prevention system (IPS).The article first analyzes the present situation of network security, presented the common vulnerabilities which in the network environment, security products which is widely used and Advanced Evasion Technique; Summarized PHP common vulnerabilities which is used frequently and its generation principle; According to building a network attack and defense environment, get on the offensive and defensive experiment of target vulnerabilities, through analysis of the attack characteristics of attack packets, describes the principle of PHPBB2 remote command execution vulnerability, the causes of vulnerabilities and study the scheme of vulnerability; Through the research and analysis of Advanced Evasion Technique, carried out a large number of experiments on the target vulnerabilities, analysis the characteristics of attack packet, summarize Advanced Evasion Technique in the IP layer, TCP layer, HTTP layer.By learning the theory of knowledge of safety-related information, build a network attack environment, on the basis of theoretical knowledge, carried out a large number of experiments on the target vulnerabilities, find the cause of the target vulnerability and successfully resolved through research and analysis of the vulnerability, and targeted summarized the Advanced Evasion Technique which is applied to this vulnerability, according to the development and characteristics of Advanced Evasion Technique, proposed effective modifications of IPS defense technology. The study of this article has strong availability, the summary of Advanced Evasion Technique can be used in a variety of vulnerabilities, while providing a feasibility reference solution for security products. All in all, contents of this paper may provide some new research ideas and methods in applied research in network security.