20155223 EXP8 Web Foundation Practice

Source: Internet
Author: User

Answers to the basic questions

What is a form?

A form is a region that contains form elements.
Form elements are elements that allow users to enter information in a form (such as a text field, drop-down list, radio button, check box, and so on).
A form is defined with the form tag.

What languages does the browser parse and run?

Hypertext Markup Language: HTML
Extensible Markup Language: XML
There are also various scripting languages.

What dynamic languages does a web server support?

These languages: ASP, JSP, PHP.

Practice Content

Web front-end HTML

To run the web server, first confirm that apache2 is installed on the local machine. Enter the command: apache2 -v

Since I have it installed, I start it.
Then I look at which ports are currently in use on the virtual machine.

Enter the local address in the browser to confirm that Apache2 is working. If it is, you can continue.

I edit a plain text file in the working directory to confirm that apache2 can read the file.
Enter the command: vi /var/www/html/demo.txt, type some random text, then save and exit.
Open [local machine IP address]/demo.txt in the browser, and the text comes out.

Next, write the front-end page in the same directory.
The highlighted part makes Chinese character encoding work normally; without it, the Chinese characters are garbled.

Use effect:

Of course, nothing happens after you enter your user name and password.

Web front-end JavaScript

In fact, this is the original HTML file with some JavaScript code added.

It is just simple code.
Then we'll see how it works.

Well, that's the end of the front-end section.

Web back-end MySQL

In the terminal, enter the command: /etc/init.d/mysql start

Then follow the commands to create the user, change the password and update the privileges; after exiting and logging in again, the new password must be entered.

Well, start building the database.

It is important to note that the first time I built it, I didn't use the backquote, which is the key under ESC; the database has to be created with that key. Also, I still don't know which pile of code the extra "users" database came from.
Then enter the commands as follows:

OK, the database and the table are finished.

Web Back-end PHP

First of all, I have to make sure that Kali has what I need.

OK! Go on!
To connect the HTML to PHP, the HTML must first be changed. The highlighted part is the edited section.

Then I write the PHP code.

<!DOCTYPE html>

Then the code misbehaves when it runs: a blank page. No way around it, the next few steps have to be done in a Windows environment.
I moved everything in the database over to the outside environment; the code changes are small, and it can be used as is.
First try: I enter the correct user name and password. Will the page work?

All right, that's it!
I'll try the wrong input again.

No problem, o98k!

SQL injection attacks

I learned the simplest SQL injection attack.
First, on the back end, the SELECT statement goes from this:

SELECT username,password FROM users WHERE username='' and password=('')

to this:

select username,password from users where username='' or 1=1#' and password=('')

This makes the query accept a condition that is always true, so whatever I enter, the system lets me in.
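
The same login query built two ways, as an added example that is not the author's PHP code: once by string concatenation, which reproduces the always-true condition, and once with bound parameters, which rejects it. It assumes Python's sqlite3 in place of MySQL, so the comment marker is `--` rather than `#`; the table contents and function names are constructed for illustration.

```python
import sqlite3

# Same input as in the text, with SQLite's comment marker instead of MySQL's '#'.
TAUTOLOGY = "' or 1=1 --"

def make_db():
    # Constructed sample data: one user in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, username, password):
    # Vulnerable: the input becomes part of the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username,password FROM users "
           "WHERE username='" + username + "' and password=('" + password + "')")
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    # Hardened: placeholders bind the input as data; it is never parsed as SQL.
    sql = ("SELECT username,password FROM users "
           "WHERE username=? and password=(?)")
    return db.execute(sql, (username, password)).fetchone() is not None

def demo():
    db = make_db()
    return {
        "concat, correct login": login_concat(db, "alice", "s3cret"),
        "concat, wrong password": login_concat(db, "alice", "wrong"),
        "concat, tautology": login_concat(db, TAUTOLOGY, "anything"),
        "param, correct login": login_param(db, "alice", "s3cret"),
        "param, tautology": login_param(db, TAUTOLOGY, "anything"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

In PHP the equivalent fix is a prepared statement with bound parameters (mysqli or PDO) instead of building the query string from the form fields.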

XSS attack

First of all, I want to learn what this "XSS" is.
XSS is a computer security vulnerability that often appears in web applications; it allows malicious web users to embed code into pages that are served to other users. Such code includes HTML and client-side script. An attacker can use an XSS vulnerability to bypass access controls such as the same-origin policy. This type of vulnerability is widely known because hackers exploit it to write more harmful phishing attacks. Regarding cross-site scripting attacks, the hacker consensus is that they are a new type of "buffer overflow attack", and JavaScript is the new "ShellCode".
Ah, is it such a thing?
To do this, I first had to change the maximum string length that the username could hold to 100.
Then it is the login page again, where I enter the input in the user name field. The picture is an EU banner, and it is put together with the page code.

Hey, come on!
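
Why the entered markup ends up as part of the page, and how output escaping stops it, as an added example that is not the author's code. It assumes a hypothetical page that echoes the user name after "Welcome,"; the image tag and file name are constructed stand-ins for the input used above.

```python
from html import escape
from html.parser import HTMLParser

# Constructed stand-in for the markup typed into the user name field.
SAMPLE_INPUT = '<img src="banner.jpg">'

def welcome_raw(username):
    # Vulnerable: the submitted user name is written into the page as markup.
    return "<html><body><p>Welcome, " + username + "</p></body></html>"

def welcome_escaped(username):
    # Hardened: < > & and quotes become entities, so the input stays text.
    safe = escape(username, quote=True)
    return "<html><body><p>Welcome, " + safe + "</p></body></html>"

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in a page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    # Parse the page the way a browser would tokenize it and list its elements.
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    print("raw:    ", tags_in(welcome_raw(SAMPLE_INPUT)))
    print("escaped:", tags_in(welcome_escaped(SAMPLE_INPUT)))
```

In PHP the same escaping is done with htmlspecialchars() on the value before it is echoed.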

Experimental Thoughts

As always, I have to say to Kali: why don't you raise an alarm? When there is a problem with a statement, aren't you monitoring at all? When a file is missing, don't you report it?
I want to make a big motherfucker hole!
