1. Answers to basic questions
1.1. What are forms
1.2. Which languages the browser can parse and run
1.3. Which dynamic languages the WebServer supports
2. Practice Summary and experience
3. Practice Process Record
----3.1.WEB Front end: HTML Basics
----3.2.Web Front end: JavaScript Basics
----3.3.Web backend: MySQL Basics
----3.4.Web Backend: PHP Basics
----3.5.SQL Injection
----3.6.XSS Attack test
----3.1.Web Front end: HTML Basics
1. Use the command apachectl start to open the Apache service
2. Use netstat -tupln |grep 80 to see which processes are occupying port 80; if there are any, use kill + process ID to kill the process
3. cd .. and then vi /var/www/html/test.html to create an HTML file containing the form in the Apache working directory
4. Open localhost:80 in your browser to view the page
----3.2.Web Front end: JavaScript Basics
1. Use JavaScript to write validation rules for the user name and password, and rename the file to test-1.html. In fact, the main addition is a section of JavaScript code, as follows:
<script language="JavaScript">
// Reject the submission when a field is empty or still holds its placeholder text.
// frmLogin must match the name attribute of the form in test-1.html.
function validateLogin() {
    var sUserName = document.frmLogin.username.value;
    var sPassword = document.frmLogin.password.value;
    if ((sUserName == "") || (sUserName == "Your name")) {
        alert("Please enter the username!");
        return false;
    }
    if ((sPassword == "") || (sPassword == "Your password")) {
        alert("Please enter the password!");
        return false;
    }
}
</script>
2. After reloading localhost:80, if the user name is not filled in, the following prompt appears
----3.3.Web backend: MySQL Basics
0. Kali currently uses MariaDB. MySQL shows a trend of turning from open source to closed source, so the MariaDB branch was created to avoid that risk
1. Use /etc/init.d/mysql start to start the MySQL service, enter mysql -u root -p, and follow the prompt to enter the password (the default password is [email protected]) to enter MySQL
2. Enter use mysql; to select the mysql database, enter update user set password=PASSWORD("******") where user='root'; to change the password, and enter flush privileges; to update the permissions
3. Use create database test_db; to establish a database; use show databases; to view the existing databases; use use test_db; to select the database we created
7. Use create table test_table (username VARCHAR(20), password VARCHAR(20)); to build a data table, and show tables; to view the data tables
8. Use insert into <table name> values('zenglin','20154312'); to insert data; use select * from test_table; to query the data in the table
9. Add a new MySQL user named zenglin, using the instruction grant select(insert,update,delete) on test_db.* to [email protected] identified by "*******";
----3.4.Web Backend: PHP Basics
1. vi /var/www/html/test.php to create a new PHP file named test, using some basic syntax
2. Open localhost:80/test.php?a=/etc/passwd and you can see the contents of the /etc/passwd file in the browser window
3. Use the code in the teacher's ExpGuide to create a new login_page.php for simple user authentication
4. Change the action property of the form in test-1.html to login.php to implement the jump to login.php, then enter localhost/test-1.html to access it
5. Entering zenglin and 20154312 connects successfully and prompts login success
----3.5.SQL Injection
1. In the user name input box enter ' or 1=1# with an arbitrary password. The SQL query statement then becomes the equivalent of select * from test_table where username='' or 1=1#' and password=''. The # is the comment character, so everything after it is commented out, and the 1=1 following or is always true, so the login inevitably succeeds
2. To attack with more than one SQL statement, change query() in if ($result = $mysqli->query($query_str)) to multi_query, and then input 'insert into test_table values('admin','123456');# in the Username field. Because the content after the delimiter # is commented out, what is actually executed is insert into lxmtable values('admin','123456'); and the next login shows the following page
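Both inputs in section 3.5 stop working once user input is bound as a query parameter instead of being concatenated into the query string. The following is an added example, not code from the original post or the ExpGuide: it uses Python's sqlite3 as a stand-in for MariaDB (an assumption), so the constructed inputs end in -- because SQLite does not treat # as a comment, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the page's test_db with its one user."""
    db = sqlite3.connect(":memory:")
    db.execute("create table test_table (username VARCHAR(20), password VARCHAR(20))")
    db.execute("insert into test_table values (?, ?)", ("zenglin", "20154312"))
    return db

def login_concat(db, username, password):
    """Vulnerable: input is concatenated into the SQL text, as in section 3.5."""
    query_str = ("select * from test_table where username='" + username
                 + "' and password='" + password + "'")
    return db.execute(query_str).fetchone() is not None

def login_param(db, username, password):
    """Hardened: input is bound as data and is never parsed as SQL."""
    query_str = "select * from test_table where username=? and password=?"
    return db.execute(query_str, (username, password)).fetchone() is not None

# Constructed inputs; "--" replaces "#" because SQLite has no "#" comment.
BYPASS = "' or 1=1--"
STACKED = "';insert into test_table values('admin','123456');--"

def demo():
    db = make_db()
    results = {
        "valid_concat": login_concat(db, "zenglin", "20154312"),
        "bypass_concat": login_concat(db, BYPASS, "x"),
        "bypass_param": login_param(db, BYPASS, "x"),
        "stacked_param": login_param(db, STACKED, "x"),
    }
    # execute() runs a single statement only, like query() rather than
    # multi_query(), so the stacked input is refused before anything runs.
    try:
        login_concat(db, STACKED, "x")
        results["stacked_concat"] = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        results["stacked_concat"] = "rejected"
    results["rows"] = db.execute("select count(*) from test_table").fetchone()[0]
    return results

if __name__ == "__main__":
    print(demo())
```

In the page's PHP, the equivalent change is to replace the concatenated $query_str with $mysqli->prepare() and bind_param(), and to keep query() rather than multi_query().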
----3.6.XSS Attack test
20154312 Zeng Lin Exp8 Web Foundation