20155217 "Cyber Confrontation" Exp08 Web Foundation
Practice Content
- Web Front end: HTML Basics
- Web Front end: JavaScript Basics
- Web back end: MySQL Basics
- Web back end: PHP Basics
- SQL injection
- XSS attack test
- Implementation of posting and session management
Web Front end: HTML Basics
- Web development here runs on the Apache server, which was already installed in Exp07. Start the Apache service with apachectl start, then use netstat -aptn to view port occupancy:
- Enter localhost:80 in the Kali browser to confirm that Apache is working properly:
- Go to the Apache working directory /var/www/html, create a new file 5217-1.html, and write an HTML login form with inputs for the user name and password.
Web Front end: JavaScript Basics
- Modify the previous code directly so that the user must enter both a user name and a password before logging in:
- The results are as follows:
MySQL Basics
- Enter /etc/init.d/mysql start to start the MySQL service.
- Enter mysql -u root -p to log in as root, then enter the password at the prompt (the default password is password) to get into MySQL;
- To change the password: enter use mysql; to select the mysql database, enter update user set password=PASSWORD("20155217") where user='root'; to change the password, then enter flush privileges; to reload the privileges:
- Enter show databases; to list the databases visible to the current user:
- Enter create database 库名; to create a database (库名 stands for the database name);
- Enter use 库名; to switch to the database you just created:
- Enter create table yd (userid VARCHAR(100),username VARCHAR(45),password VARCHAR(256),enabled VARCHAR(5)); to create a data table;
- Enter show tables; to view the existing data tables:
- Enter insert into yd(userid,username,password,enabled) values(1,'20155217','5217',"TRUE"); to add a row to the table;
- Enter select * from yd; to view the current contents of the table:
Web back end: PHP Web page
- Create a new PHP test file test.php in the /var/www/html directory:
- Open localhost/test.php in the browser to see the contents of the /etc/passwd file, noting that PHP variables are case sensitive:
- In the /var/www/html directory, write 5217-2.html and set its form to submit to yd.php:
- Write login.php, which connects to the database via PHP and shows whether the user logged in successfully.
- Access the login page in the browser at localhost:80/5217-2.html; an error appears:
- So add a new user to MySQL:
- Enter insert into mysql.user(Host,User,Password) values("localhost","yd5217",password("5217"));
- Enter grant all privileges on *.* to 'yd5217' identified by '5217' with grant option; and then FLUSH PRIVILEGES;
- Enter a user name and password stored in the database on the login page and click submit: user authentication succeeds and the login is successful; otherwise the login fails:
SQL injection
- SQL injection means inserting SQL commands into a web form submission, or into the query string of a domain name or page request, so that the server is eventually deceived into executing malicious SQL commands. By entering (malicious) SQL statements in a web form, it is possible to obtain the database of a website that has a security vulnerability.
- In the user name field on the web page, enter ' or 1=1# and any password. The synthesized SQL query is then select * from users where username='' or 1=1#' and password=md5(''). Here # starts a comment, so everything after it is commented out, and 1=1 is always true, so the condition always holds and the login succeeds:
- Alternatively, first change the statement if ($result = $mysqli->query($query_str)) in the PHP file to if ($result = $mysqli->multi_query($query_str)), and then enter ';insert into yd values('888','skrr','1234',"TRUE");# in the user name box. This inserts a forged user name and password directly into the database, and the forged credentials can be used to log in to the site next time (before logging in, change the statement back to if ($result = $mysqli->query($query_str))).
XSS attack
- Cross-site scripting is abbreviated as XSS so that it is not confused with the abbreviation of Cascading Style Sheets (CSS). XSS is a computer security vulnerability that often appears in web applications, allowing malicious web users to embed code into pages that are served to other users. The embedded code can include HTML and client-side script. An attacker can use an XSS vulnerability to bypass access controls such as the same-origin policy. This type of vulnerability is widely known for being used by hackers to write more damaging phishing attacks. For cross-site scripting, the hacker consensus is that it is a new type of "buffer overflow attack", and JavaScript is the new "shellcode".
- On the login page, enter 5217</a> as the user name to read the picture in the /var/www/html directory:
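A hardened login handler, added here as an illustration and not the lab's original login.php: a prepared statement closes the SQL injection shown in the previous section, and HTML-encoding the echoed user name closes the markup injection shown in this one. The form field names, the database name and the use of password_hash() for the stored password are assumptions.

```php
<?php
// Added example: hardened login handler for the lab above (not the original code).
// Assumptions: the form fields are named "username" and "password"; the database
// name 'your_database_name' is a placeholder; yd.password holds password_hash() output.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // raise exceptions on DB errors

function h(string $s): string {
    // Encode for HTML output so markup typed into the form is displayed as text.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function check_login(mysqli $db, string $user, string $pass): bool {
    // The ? placeholder keeps the input as data: ' or 1=1# is compared as a
    // literal user name and cannot change the structure of the query.
    // prepare() also accepts a single statement only, so a second statement
    // appended after ';' is rejected instead of executed.
    $stmt = $db->prepare('SELECT password FROM yd WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();   // true = row found, null = no row
    $stmt->close();
    return $found === true && password_verify($pass, $stored);
}

$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
// Server-side check: client-side JavaScript validation can be bypassed.
if (!is_string($user) || !is_string($pass) || $user === '' || strlen($user) > 45) {
    http_response_code(400);
    exit('Invalid input');
}

$db = new mysqli('localhost', 'yd5217', '5217', 'your_database_name');
$db->set_charset('utf8mb4');
$ok = check_login($db, $user, $pass);
$db->close();

header('Content-Type: text/html; charset=utf-8');
header("Content-Security-Policy: default-src 'self'"); // blocks inline script as a second layer
echo $ok ? '<p>Welcome, ' . h($user) . '</p>'
         : '<p>Login failed for ' . h($user) . '</p>';
```

For rows to match, store passwords with password_hash($plain, PASSWORD_DEFAULT) rather than as plaintext or md5(). The yd5217 account also only needs SELECT on the yd table, not all privileges on *.*.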
Basic Question Answers
What is a form
- Form: collects the user's information and feedback; it is the communication bridge between the website manager and the browser.
- The form consists of two parts: the HTML source code that describes the form (for example, the fields, labels, and buttons that the user sees on the page), and a script or application that handles the submission (such as a CGI script). You cannot collect form data without using a processing script.
- Forms consist of form objects, such as text fields, checkboxes, radio boxes, menus, file address fields, and buttons, all of which are contained in a form structure that is marked by an identifier.
- Types of forms include the registration form, message book, site navigation bar, search engine and so on.
What languages can the browser parse and run
- Hypertext Markup Language: HTML
- Extensible Markup Language: XML
- Scripting languages: ASP, PHP, script, JavaScript, VBScript, Perl, Python, ColdFusion, Java, JSP, etc.
What dynamic languages does the web server support
- PHP language, JSP language.
Experimental experience
Too many problems really came up during this experiment QAQ. What frustrated me most was that at first PHP could only display the code. Searching Baidu, I found that the httpd.conf file was missing; I wanted to reinstall PHP, but did not know how to remove Apache! Fortunately there was an Exp07 snapshot that could restore the file, which meant the earlier work had to be done again TT. But it still did not work. Thanks to my roommate, who contributed her virtual machine, I finally got past this problem smoothly and moved on to the next question :D