20154312 Zeng Lin Exp8 Web Foundation

1. Answers to basic questions

1.1. What are forms

1.2. Browser can parse what language to run

What dynamic languages are supported by 1.3.WebServer

2. Practice Summary and experience

3. Practice Process Record

----3.1.WEB Front end: HTML Basics

----3.2.Web Front end: Javascipt Basics

----3.3.Web backend: MySQL Basics

----3.4.Web Backend: PHP Basics

----3.5.SQL Injection

----3.6XSS Attack test

1. Answers to the basic questions 1.1. What is a form 1.2. The browser can parse which language 1.3.WebServer supports which dynamic Language 2. Practice summary and Experience 3. Practice Process Recording----3.1.Web frontend: HTML Basics

1. Use the command to apachectl start open the Apache service

2. Use netstat -tupln |grep 80 the instructions to see what processes are occupied by port 80, and if so, kill+进程ID kill the process

3. cd .. then vi /var/www/html/ test.thml create an HTML file with the form in the Apache working directory

4. Log in using your browser to localhost:80 view

----3.2.Web Front end: Javascipt Basics

1. Using JavaScript to write a validation user name, password rules, renamed to test-1.html , in fact, the main increase is a section javascript of the Code, as follows:

<Script language="JavaScript">      function Validatelogin(){          varsUserName= Document.Frmlogin.username.value ;          varSpassword= Document.Frmlogin.Password.value ;            if((sUserName=="")||(sUserName=="Your name")){              Alert("Please enter the username!");              return false ;          }         if((Spassword=="")||(Spassword=="Your password")){              Alert("Please enter the password!");              return false ;          }      }  </script>

2. After re-login localhost:80 do not fill in the user name, there will be the following tips

----3.3.Web backend: MySQL Basics

0.kali is currently using a MariaDB mysql trend to turn from open source to closed, so MariaDB this branch is created to avoid risk

1. Use the /etc/init.d/mysql start start MySQL service, enter mysql -u root -p , and follow the prompts to enter the password, the default password is [email protected] , enter MySQL

2. Enter use mysql MySQL database, enter update user set password=PASSWORD("******") where user=‘root‘; , change password, enter flush privileges; , update permissions

3. Use to create database test_db; establish a database; Use to show databases; view existing databases; Use use test_db; the database we created

7. Use create table test_table (username VARCHAR(20), password VARCHAR(20)); the Build data table to show tables view the data sheet

8. Using insert into 表名 values(‘zenglin‘,‘20154312‘); insert data; using select * from test_table data from a query table

9. Add a zenglin new MySQL user named, using the grant select(insert,update,delete) on test_db.* to [email protected] identified by "*******"; instructions to

----3.4.Web Backend: PHP Basics

1. vi /var/www/html test.php Create a new php file named Test, using some basic syntax

2. localhost:80/test.php?a=/etc/passwd you can see the etc/passwd contents of the file in the browser window

3. Use the ExpGuide code in the teacher to create a new one for login_page.php simple user authentication

4. Change test-1.html form The action property to login.php , implement jump to login.php , enter to localhost/test-1.html access

5. Input zenglin and 20154312 will be able to connect up smoothly, and prompt login success

----3.5.SQL Injection

1. In the User name input box ‘ or 1=1# , the password is arbitrary, then the SQL query statement becomes, the equivalent of an select * from test_table where username=‘‘ or 1=1#‘ and password=‘‘ # annotation, will be the following comments out, or followed by 1=1 forever is true, so the inevitable login success

2. Use more than one SQL statement to attack, the if ($result = $mysqli->query($query_str)) query() change in multi_query , and then in the Username input ‘insert into test_table values(‘admin‘,‘123456‘);# , because the delimiter after the contents of the post # commented out, so the implementation is actually insert into lxmtable values(‘admin‘,‘123456‘); followed by login will appear the following page

----3.6XSS Attack test

20154312 Zeng Lin Exp8 Web Foundation