This generic PHP anti-injection tutorial mainly filters SQL commands and the values passed in via POST and GET: we want to filter out some illegal characters so that basic injection can be prevented. Hardening the Apache server's installation settings is also necessary. The administrator user name and password are stored md5-encrypted, so that PHP injection can be prevented effectively.
The server and the MySQL installation should also be strengthened with some security precautions.
Linux server security settings:
Encrypt passwords: use the /usr/sbin/authconfig tool to enable shadow passwords, so that stored passwords are encrypted.
Prevent access to important files. At the Linux command prompt, enter:
# chmod 600 /etc/inetd.conf    // change the file permissions to 600 (owner read/write only)
# chattr +i /etc/inetd.conf    // set the immutable attribute: the file cannot be modified, renamed or deleted, even by root, until the flag is removed
# chattr -i /etc/inetd.conf    // remove the immutable attribute again when the file has to be changed
Prohibit ordinary users from switching to root with the su command: add the following two lines to the beginning of the su configuration file under /etc/pam.d/:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
Delete all special accounts:
# userdel lp     // and so on, to delete unused users
# groupdel lp    // and so on, to delete unused groups
Disable unused suid/sgid programs. List them with:
# find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
<?php
// illegal characters and keywords to be filtered (the first entry is the single quote)
$arrfiltrate = array("'", ";", "union", "select", "insert", "update", "delete", "load_file", "outfile");
// url to jump to after the check passes
$strgourl = "";

// return true if any of the filtered values occurs in the string (case-insensitive)
function funstringexist($strfiltrate, $arrfiltrate)
{
    foreach ($arrfiltrate as $key => $value) {
        // eregi() was removed in PHP 7; preg_match with preg_quote gives the same literal, case-insensitive match
        if (preg_match('/' . preg_quote($value, '/') . '/i', $strfiltrate)) {
            return true;
        }
    }
    return false;
}

// merge $_POST, $_GET and $_COOKIE ($HTTP_POST_VARS etc. no longer exist in current PHP)
if (function_exists('array_merge')) {
    $arrpostgetcookiesession = array_merge($_POST, $_GET, $_COOKIE);
    $string = implode("", $arrpostgetcookiesession);
}

// verification
if (funstringexist($string, $arrfiltrate)) {
    echo "<script language=\"javascript\">alert(\"prompt, illegal characters\");</script>";
} else {
    echo "<script language=\"javascript\">window.location=\"" . $strgourl . "\";</script>";
}

The second anti-injection instance
/**************************
 * php universal anti-injection security code
 * Description: checks whether the variables passed in $_POST and $_GET contain illegal characters
 * Features: anti-injection
 **************************/
// illegal characters to be filtered
$arrfiltrate = array("'", ";", "union");
// url to jump to after an error; leave empty to return to the previous page
$strgourl = "";

// return true if any of the array values occurs in the string (case-insensitive)
function funstringexist($strfiltrate, $arrfiltrate) {
    foreach ($arrfiltrate as $key => $value) {
        // eregi() was removed in PHP 7; preg_match with preg_quote gives the same literal, case-insensitive match
        if (preg_match('/' . preg_quote($value, '/') . '/i', $strfiltrate)) {
            return true;
        }
    }
    return false;
}

// combine $_POST and $_GET ($HTTP_POST_VARS / $HTTP_GET_VARS no longer exist in current PHP)
if (function_exists('array_merge')) {
    $arrpostandget = array_merge($_POST, $_GET);
} else {
    $arrpostandget = array();
    foreach ($_POST as $key => $value) {
        $arrpostandget[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $arrpostandget[] = $value;
    }
}

// validation begins
foreach ($arrpostandget as $key => $value) {
    if (funstringexist($value, $arrfiltrate)) {
        echo "alert(\"neeao prompt, illegal characters\");";
        if (empty($strgourl)) {
            echo "history.go(-1);";
        } else {
            echo "window.location=\"" . $strgourl . "\";";
        }
        exit;
    }
}
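Both filters above only reject listed characters and keywords, while the login query they protect is still assembled from strings. The following is an added example, not code from this tutorial, showing the admin login with a PDO prepared statement: the submitted value is bound as data, so whatever form it takes it cannot change the structure of the query. The table name alphaauthor, its columns username and password_hash, and the database credentials are assumptions.

```php
<?php
// Added example (not the tutorial's code): admin login with a prepared statement.
// Assumed schema: alphaauthor(username, password_hash), hashes produced by password_hash().
declare(strict_types=1);

function connectDb(): PDO
{
    // Assumed DSN and credentials; adjust for the real deployment.
    $pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'app_user', 'app_password');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use real server-side prepared statements rather than client-side emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

function authenticate(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps the user name in the data channel: it is never spliced into
    // the SQL text, so it is compared as a literal string no matter how it is encoded.
    $stmt = $pdo->prepare('SELECT password_hash FROM alphaauthor WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // Compare against a salted password_hash() value; unsalted md5 is not suitable for passwords.
    return password_verify($password, $row['password_hash']);
}

// Accept only scalar strings; an array submitted under the same name is treated as empty.
$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

if (authenticate(connectDb(), $username, $password)) {
    echo 'login ok';
} else {
    http_response_code(401);
    echo 'login failed';
}
```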
Now look at the details of the injection.
Converted to ASCII codes, alpha is char(97,108,112,104,97).
Converted to hexadecimal, it is 0x616c706861.
(We'll provide the hex and ASCII conversion tools on the CD.)
OK, type the following directly in the browser:
http://localhost/site/admin/login.php?username=char(97,108,112,104,97)%23
The SQL statement becomes:
select * from alphaauthor where username=char(97,108,112,104,97) # and password=
As shown in Figure 21.
As we expected, it executed successfully and we got what we wanted.
Of course, we can also construct it like this:
http://www.jzread.com/site/admin/login.php?username=0x616c706861%23
The SQL statement becomes:
select * from alphaauthor where username=0x616c706861 # and password=
We are the winner again; a great sense of accomplishment.
You might ask why char() is needed at all; in fact char(97,108,112,104,97) is simply equivalent to 'alpha'.
Note that 'alpha' here is in quotation marks, meaning the string alpha.
We know that if the following is executed in MySQL:
mysql> select * from dl_users where username=alpha;
ERROR 1054 (42S22): Unknown column 'alpha' in 'where clause'
Look, an error is returned, because MySQL treats the unquoted alpha as an identifier (a column name) rather than a string. So we have to quote alpha, as follows:
mysql> select * from dl_users where username='alpha';