# 2017-2018-2 20155319 "network countermeasure technology" Exp8:web Foundation

2017-2018-2 20155319 "Network countermeasure Technology" Exp8:web basic principle and practice description

1. Practice Specific requirements

(1). Web front-end HTML (0.5 points)

Can install normally, start and stop Apache. Understand the HTML, understand the form, understand the get and post methods, and write an HTML containing the form.

(2). Web Front end Javascipt (0.5 points)

Understand the basic JavaScript functionality and understand the DOM. Write JavaScript to verify the user name, password rules.

(3). Web backend: MySQL Foundation: normal installation, start MySQL, build library, create user, change password, build table (0.5 points)

(4). Web backend: Writing PHP Web pages, connecting databases, authenticating users (1 points)

(5). Simplest SQL injection, XSS attack test (1 points)

2. Answers to basic questions

(1) What is a form?

• Forms are primarily responsible for data collection functions in Web pages. There are three basic components of a form:
  Form Labels: Here The bread contains the URL of the CGI program used to process the form data and the method by which the data is submitted to the server.

(2) What language does the browser have to parse and run?

• Support for HTML (Hypertext Markup Language), XML (Extensible Markup Language), as well as Python, PHP, JavaScript, ASP and many other scripting languages.

(3) What dynamic languages does webserver support?

• The most commonly used three dynamic web languages are ASP (Activeserverpages), JSP (javaserverpages), PHP (Hypertextpreprocessor).

Two. Practice process record 1.Web frontend: HTML

1. Using the netstat -aptn View 80 port is occupied, found that my computer's 80 port is not occupied, can also be used to kill the process. Use the service apache2 start command to open the Apache service. To see if the port is used by Apache:

At this point in the browser input 127.0.0.1 , you can see the last experimental cloned URL.

2. Using the cd /var/www/html go to Apache directory, create a simple HTML file containing the form vi login.html :

• Login.html:

  Open in Browser:


Click Login:


2.Web Front End: Javascipt

1. On the original login.html basis, you can add a piece of JavaScript code to complete the user whether to fill out the mailbox and password judgment. The modified logintest.html is as follows:

2. In the browser access 127.0.0.1:80/logintest.html , if the user's mailbox or password is not filled in the submission, the webpage will be reported prompt:


Login success will show success:


3.Web backend: MySQL Basics

1. Enter the /etc/init.d/mysql start MySQL service to start. Because the first login does not know the password so the internet found a way: first open/etc/mysql find the MySQL folder, select 50-server.cnf the following line to join skip-grant-tables and save the exit, and then restart the link to skip the password.

2. Enter, use mysql Select MySQL database, enter update user set password=PASSWORD("新密码") where user=‘root‘;，修改密码；输入flush privileges; , update permissions

3. Exit the database and log back in with the new password

4. Use the CREATE database name; set up a database using show databases; View the existing database:

5. Use use 库名 ; Use the database that we created, use the create table 表名 (字段设定列表); build data table, the data table is a very important object in the database, a database may contain several data tables, use show tables; to view the existing data table

6. Use insert into 表名 values(‘值1‘,‘值2‘,‘值3‘...); Insert data, use select * from 表名; data from the query table:

7. Add a new user to MySQL, using the grant select,insert,update,delete on 数据库.* to 用户名@登录主机(可以是localhost,也可以是远程登录方式的IP) identified by "密码"; directive, which means that the Select,insert,update,delete permissions on all tables of a database are granted to a user of an IP login. , after adding a new user, exit, re-login with a new user name and password, login success Description to increase the success of the new user:

4.Web Backend: PHP Basics

PHP是一种通用开源脚本语言，语法吸收了C语言、Java和Perl的特点，主要适用于Web开发领域。它可以比CGI或者Perl更快速地执行动态网页。用PHP做出的动态页面与其他的编程语言相比，PHP是将程序嵌入到HTML文档中去执行，执行效率比完全生成HTML标记的CGI要高许多；PHP还可以执行编译后代码，编译可以达到加密和优化代码运行，使代码运行更快。

1. /var/www/html Create a new PHP test file in the directory to get a quick look at some of its syntax:vi test.php

<?phpecho ($_GET["a"]);include($_GET["a"]);echo "This is rhl php page!<br>";?>

2. Enter in the browser URL field to localhost:80/test.php?a=/etc/passwd see the contents of the/etc/passwd file:

3. Using PHP and MySQL in conjunction with the previous compiled login page for simple user authentication, here can refer to the code written by the teacher rhl.php , code and configuration as follows:

<?php$uname=$_POST["username"];$pwd=$_POST["password"];echo $uname;$query_str="SELECT * FROM loginlist where username=‘$uname‘ and password=‘$pwd‘;";$mysqli = new mysqli("127.0.0.1", "rhl", "toor", "rhl");/* check connection */if ($mysqli->connect_errno) {    printf("Connect failed: %s\n", $mysqli->connect_error);    exit();}echo "connection ok!";/* Select queries return a resultset */if ($result = $mysqli->query($query_str)) {    if ($result->num_rows > 0 ){            echo "<br> {$uname}:Welcome!!! <br> ";    }     else {        echo "<br> login failed!!!! <br> " ; }    /* free result set */    $result->close();}$mysqli->close();?>

4. Change the Action property of the form in the code of the previously compiled login Web page logintest.html from # to rhl.php , that is, jump to rhl.php after logging in, and then enter localhost:80/logintest.html your login page in Firefox
Successful interface:

Failure interface:

5.SQL injection attacks, XSS attacks

• SQL injection, by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually achieves a malicious SQL command that deceives the server. Specifically, it is the ability to inject (malicious) SQL commands into the background database engine execution using existing applications, which can be obtained by entering (malicious) SQL statements in a Web form to a database on a Web site that has a security vulnerability, rather than executing the SQL statement as the designer intended.

1. Enter the username in the box, enter the ‘ or 1=1# password casually, you can log in successfully.

/ Enter the user name and our code in the combination of the SELECT statement select * from users where username=‘‘ or 1=1#‘ and password=‘‘ to become, #相当于注释符, will be commented out after the content, and 1=1 is forever, so this condition is always set up /

• XSS attacks: Cross Site scripting attacks (Scripting), which are not confused with the abbreviations of cascading style sheets (cascading style Sheets, CSS). Therefore, the cross-site scripting attack is abbreviated as XSS. XSS is a computer security vulnerability that often appears in web applications, allowing malicious Web users to embed code into pages that are available to other users. For example, the code includes HTML code and client script. An attacker could bypass access control by using an XSS vulnerability-such as the Origin policy (same). This type of vulnerability is widely known as being used by hackers to write more damaging phishing attacks. For cross-site scripting attacks, the hacker consensus is that cross-site scripting attacks are a new type of "buffer overflow attack", and JavaScript is the new "ShellCode".

1. Save a picture in the/var/www/html directory

2. In the User name input box, enter the image to read the/var/www/html directory:

Third, practice summary and experience

At the beginning of the experiment, the machine did not have the default PHP, found after the reload, and then there is a problem with MySQL! Finally changed a virtual machine successfully completed. This experiment applied to Java, Web page production and other knowledge, relive the previous knowledge. At the same time, the use of SQL injection, XSS attacks and other network attacks, Web page attacks, although the process is very difficult, but made to be particularly happy!

# 2017-2018-2 20155319 "network countermeasure technology" Exp8:web Foundation