20155216 EXP8 Web Foundation Practice

Source: Internet
Author: User
Tags simple sql injection

EXP8 Web Foundation Practice content

Apache environment configuration
    • Apache is the web server under Kali; a page it serves is opened by accessing IP address + port number + file name.

Run vi /etc/apache2/ports.conf to change the port that apache2 listens on, then start Apache with service apache2 start;

and use netstat -aptn to view the listening ports and confirm that Apache started correctly:

You can then verify that Apache is running by opening 127.0.0.1:5216 (local address + the configured listening port) in Kali's own browser:

Front-end programming test:

Write the front-end code in the /var/www/html directory:

Open 127.0.0.1:5216/5216.html in the browser:

Entering a user name and password at this point jumps to 404 Not Found, so next we write a PHP file.

PHP test

Create a new PHP test file:

Open 127.0.0.1:5216/5216.html again and click Submit; the page now jumps as follows:

Web front-end JavaScript
    • JavaScript, a web scripting language, is widely used in web application development, usually embedded in HTML, to add dynamic functions to a page and give users a smoother and more attractive view.

Write a rule that validates the user name and password: neither may be empty, and the password length must be between 6 and 16:

<script language="javascript">
function check(form) {
    var Username = form.user.value;
    var pwd = form.pw.value;
    if ((Username == "") || (pwd == "")) // if the user name or password is empty
    {
        alert("用户名或密码不能为空");
        return false;
    }
    if (pwd.length > 16 || pwd.length < 6) // password must be 6 to 16 characters
    {
        alert("密码长度应该在 6 - 16 位");
        return false;
    }
    form.submit();
}
</script>

The front end is also modified:

To test the front end:

Web back end, MySQL basics

Start MySQL: /etc/init.d/mysql start

Enter mysql -u root -p and type the password when prompted (the default password is [email protected]) to enter MySQL:

View basic information: show databases; Because no data tables have been created yet, there is no information.

Then we create a database testlogin: CREATE SCHEMA TestLogin;

Enter use TestLogin; to select the database just created;

Next, create a database table:

create table `users`(
    `userid` int not null comment '',
    `username` varchar(45) null comment '',
    `password` varchar(256) null comment '',
    `enabled` varchar(5) null comment '',
    primary key (`userid`) comment ''
);

Add data: insert into users(userid,username,password,enabled) values(1,'5216',password("20155216"),"TRUE");

Enter select * from users; to query:

The next step is to adapt the PHP file:

<?php
$user = $_POST["user"];
$psw = $_POST["pw"];
if ($user == "" || $psw == "") {
    echo "<script>alert('Please enter your name and password!'); history.go(-1);</script>";
} else {
    // Connect to the database
    $link = mysqli_connect('localhost:5216', 'root', '20155216', 'TestLogin');
    mysqli_select_db($link, "TestLogin");
    mysqli_query($link, 'SET NAMES utf8');
    // The form input is concatenated directly into the SQL string;
    // this is the weakness the SQL injection section below relies on.
    $sql = "select username,password from users where username = '$_POST[user]' and password=password('$psw');";
    $result = mysqli_query($link, $sql) or die("Failed" . mysqli_error($link));
    $row = mysqli_fetch_array($result); // store the data in an array by index
    if ($num = mysqli_num_rows($result)) {
        echo "Welcome ";
        echo $user; // echoed without encoding; used in the XSS section below
    } else {
        echo $user;
        echo "<script>alert('Wrong username or password!'); history.go(-1);</script>";
    }
}
?>

Submitting the form from the previous section now jumps to the PHP page, which connects to the database:

When you enter the correct user name and password:

When you enter a wrong user name or password:

Simple SQL injection

The SQL query statement is: select columns from table where username=' ' . When ' or 1=1# is added to the statement, it becomes: select columns from table where username=' 'or 1=1#' .

So our back-end statement SELECT username,password FROM users WHERE username='' and password=('') becomes select username,password from users where username=' 'or 1=1#' and password=(''). In MySQL, # starts a comment, so everything after it, including the password check, is ignored, and 1=1 makes the condition always true. Enter 'or 1=1# in the user name box and anything as the password, and you can see that the login succeeds.

We can also save a user name and password in the database via SQL injection, but we have to modify the previous code first:

In the PHP file, replace $result=mysqli_query($link,$sql); with $result = $mysqli->multi_query($query_str); as follows, then enter ';insert into users(userid,username,password,enabled) values(2,'5200',password("20155200"),"TRUE");# in the user name box:

Then log in with the newly inserted user name and password; the login succeeds.

XSS attack

XSS attack: cross-site scripting (Cross Site Scripting) is abbreviated as XSS so that it is not confused with the abbreviation of Cascading Style Sheets (CSS). XSS is a security vulnerability that often appears in web applications; it allows a malicious web user to embed code, for example HTML and client-side script, into pages that are served to other users. An attacker can use an XSS vulnerability to bypass access controls such as the same-origin policy. This type of vulnerability is widely known for being used to write more damaging phishing attacks. Regarding cross-site scripting, the hacker consensus is that it is a new type of "buffer overflow attack", and JavaScript is the new "shellcode".

In the user name input box, enter input that reads a picture, where the picture is in the same folder as the page code; the password is arbitrary:

XSS attack succeeded.
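
An added example, not part of the original lab report: a hardened version of the login handler that closes both the SQL injection and the XSS shown above. It assumes the users table and the form fields user and pw from this page and keeps PASSWORD() to match that table; the account name login_app and the password CHANGE_ME are hypothetical placeholders.

```php
<?php
// Added example (not the lab's code): hardened replacement for the login handler.
// Assumes the TestLogin.users table and the form fields "user" and "pw" from this page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw exceptions

function h(string $s): string
{
    // Encode HTML metacharacters so reflected input renders as text, not markup.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function check_login(mysqli $db, string $user, string $pw): bool
{
    // Bound parameters never become part of the SQL text, so ' or 1=1# is just
    // an unusual user name. prepare() also accepts a single statement only,
    // so a stacked ';insert ...' cannot run (do not use multi_query() here).
    $stmt = $db->prepare(
        'SELECT username FROM users WHERE username = ? AND password = PASSWORD(?)'
    );
    $stmt->bind_param('ss', $user, $pw);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

$user = $_POST['user'] ?? '';
$pw   = $_POST['pw'] ?? '';
// Repeat the page's JavaScript rule on the server; the browser check is bypassable.
if (!is_string($user) || !is_string($pw) || $user === ''
    || strlen($pw) < 6 || strlen($pw) > 16) {
    http_response_code(400);
    exit('Invalid user name or password format.');
}

try {
    // login_app / CHANGE_ME are hypothetical; use a low-privilege account, not root.
    $db = new mysqli('localhost', 'login_app', 'CHANGE_ME', 'TestLogin');
    $db->set_charset('utf8mb4');
    $found = check_login($db, $user, $pw);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // SQL error details stay in the server log
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

header('Content-Type: text/html; charset=utf-8');
echo $found ? 'Welcome ' . h($user) : 'Wrong username or password!';
```

With this handler the inputs used in the two sections above are treated as ordinary text: the query finds no matching row, and any markup in the user name is displayed literally instead of being rendered.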

Basic question Answer

(1) What is a form?

A form is an area that contains form elements, which are the elements that allow users to enter information in the form (such as text fields, drop-down lists, radio boxes, checkboxes, and so on). A form is primarily responsible for data collection in a web page and has three basic components: form labels, form fields, and form buttons;
Form labels: contain the URL of the CGI program used to process the form data and the method by which the data is submitted to the server;
Form fields: include text boxes, password boxes, hidden fields, multiline text boxes, check boxes, radio boxes, drop-down selection boxes and file upload boxes;
Form buttons: include the Submit button, the Reset button, and general buttons. They are used to transfer data to CGI scripts on the server or to cancel input, and form buttons can also be used to control other processing tasks for which a processing script is defined.

(2) What languages can the browser parse and run?

Hypertext Markup Language: HTML
Extensible Markup Language: XML
Scripting languages: ASP, PHP, script, JavaScript, VBScript, Perl, Python, ColdFusion, Java, JSP, etc.

(3) What dynamic languages are supported by the web server?

asp, jsp, php

Experiment Summary and experience

This experiment mainly implements simple web page attacks. They are relatively basic, and some of them, such as SQL injection and XSS attacks, were also covered in previous courses. In the current situation, no site is left without any protection against attacks; once web security is designed in, our simple attack methods are no longer useful, so to achieve a real attack we still have a lot to learn. This experiment also reminds us of the importance of web security design and provides a good reference for building our own sites in the future.
