20155201 Network Attack and Defense Technology, Experiment Eight: Web Foundation
I. Practice content
- Web front-end HTML: install Apache properly and be able to start and stop it. Understand HTML, forms, and the GET and POST methods, and write an HTML page containing a form.
- Web front-end JavaScript: understand basic JavaScript functionality and the DOM. Write JavaScript that validates the user name and password rules.
- Web back end, MySQL basics: install and start MySQL, create a database, create a user, change a password, create a table.
- Web back end: write a PHP web page that connects to the database and authenticates the user.
- The simplest SQL injection and XSS attack tests. Functional description: a user can log in, the login user name and password are stored in the database, and a welcome page is displayed on successful login.
II. Contents of the report
1. Answers to basic questions
1) What is a form?
Forms are primarily responsible for collecting data in web pages. A form has three basic components:
- Form tag: contains the URL of the CGI program used to process the form data and the method by which the data is submitted to the server.
- Form fields: text boxes, password boxes, hidden fields, multiline text boxes, check boxes, radio buttons, drop-down selection boxes, file upload boxes, and so on.
- Form buttons: the submit button, reset button and general button. They are used to send data to the CGI script on the server or to cancel input, and can also control other processing tasks for which a handler script is defined.
2) Which languages can the browser parse and run?
HTML, XML, Python, PHP, JavaScript, ASP and other scripting languages.
3) Which dynamic languages does the web server support?
JavaScript, ASP, PHP, Ruby and other scripting languages.
2. Practice Summary and experience
I did this experiment by following earlier blogs by senior students. Pasting the code directly caused a small problem; it took a little time to find that it was a very simple code error, and once it was corrected everything went fairly smoothly. For the other problems, classmates already had solutions. The groundwork for this experiment includes the Java Web part of last semester's network security programming fundamentals course; I still had to recall the code before I could finish, so completing the content took some time. More important were recalling the database knowledge and understanding and analysing the attack part, and I feel I gained a lot.
3. Practice Process Record
- Web front-end HTML
- Web front-end JavaScript
- Web back-end MySQL Basics
- Web Back-end PHP
- SQL injection attack, XSS attack test
Web Front End: HTML
- Our web development is based on the Apache server, which is installed directly with the command:
sudo apt-get install apache2
Kali should already have Apache installed. First check which process is occupying port 80, and remember to kill it if there is one:
netstat -tupln |grep 80
Then start the Apache service:
apachectl start
- Enter 127.0.0.1:80 in Firefox. If Apache's default web page is shown, the server is running normally.
- Change into Apache's working directory and create a new HTML file containing a form:
cd /var/www/html
vi test1.html
A typical login page uses a form to submit data to the back end, so we can write a simple login page. The code is as follows:
- Here, the method attribute of the form takes one of two values, POST or GET. The main differences are the following:
- GET is used to get data from the server, and POST is used to pass data to the server.
- GET is not secure, because during transfer the data is placed in the request URL, and many servers write the URL to a log file and store it somewhere, which may leak the information. With POST, none of the operations are visible to the user.
- GET transmits a small amount of data and POST a large amount, so file uploads can only use POST.
Web Front End: JavaScript
We can use JavaScript to write a rule that validates the user name and password. Modify the previous code directly and rename it login_test.html; the code looks like this:
- If the user name or password is empty, the corresponding dialog box pops up. The function runs each time the Login button is clicked. Open the page to see the effect:
Web back end: MySQL Basics
Start the MySQL service:
/etc/init.d/mysql start
Then log in and enter the password when prompted; the default password is password:
mysql -u root -p
Note: inside MySQL, every command ends with a semicolon as the command terminator.
- Select the mysql database, change the password, then reload the privileges:
use mysql;
update user set password=PASSWORD("new_password") where user='root';
flush privileges;
- Exit the database and log back in with the new password.
- Create a database, list the existing databases, and switch to the database we created:
create database database_name;
show databases;
use database_name;
- Create a data table. The data table is a very important object in the database, and one database may contain several data tables. Then list the existing tables:
create table table_name (column_definitions);
show tables;
- Insert data, then query the data in the table:
insert into table_name values('value1','value2','value3'...);
select * from table_name;
- Add a new user to MySQL with the grant statement:
grant select,insert,update,delete on database_name.* to user_name@login_host identified by "password";
Here login_host can be localhost or, for remote login, an IP. The statement grants the select, insert, update and delete privileges on all tables of the given database to the given user logging in from the given host. After adding the new user, exit and log in again with the new user name and password; a successful login shows that the new user was added:
Web back end: PHP Basics
PHP is a widely used open-source scripting language that absorbs features of C, Java and Perl and is mainly used in web development. It can execute dynamic web pages more quickly than CGI or Perl. Compared with other programming languages used for dynamic pages, PHP embeds the program in the HTML document for execution, which is much more efficient than a CGI that generates all of the HTML markup. PHP can also execute compiled code; compilation can encrypt and optimize the code so that it runs faster.
Create a new PHP test file in the /var/www/html directory to get a quick look at some of its syntax:
vi lzw_test.php
<?php
echo ($_GET["a"]);                       // prints the a parameter as received
include($_GET["a"]);                     // includes whatever path the a parameter names
echo "This is lxm php test page!<br>";
?>
- Enter localhost:80/lzw_test.php?a=/etc/passwd in the browser URL bar to see the contents of the /etc/passwd file.
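The test page shows /etc/passwd because the request parameter goes straight into include(), so any file the web server can read is displayed. An added example (not part of the original post) of the same page restricted to an allowlist; the page keys, file names and the pages/ directory are hypothetical:

```php
<?php
// Added example: map a short page key to a fixed file instead of
// passing the request parameter to include().
// Hypothetical allowlist: keys, file names and pages/ are placeholders.
$pages = [
    "home"  => "home.php",
    "about" => "about.php",
];

function resolve_page(array $pages, $key): ?string
{
    // Only exact, known keys are accepted. Absolute paths, "../" and
    // URLs never match because they are not keys of the allowlist.
    // is_string() also rejects array input such as ?a[]=x.
    if (!is_string($key) || !array_key_exists($key, $pages)) {
        return null;
    }
    $base = realpath(__DIR__ . "/pages");   // fixed include directory
    if ($base === false) {
        return null;
    }
    $file = realpath($base . "/" . $pages[$key]);
    // Defence in depth: the resolved file must still sit under $base.
    if ($file === false || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $file;
}

$file = resolve_page($pages, $_GET["a"] ?? null);
if ($file === null) {
    http_response_code(404);
    exit("Unknown page");
}
// Encode before echoing the parameter back, unlike echo($_GET["a"]).
echo htmlspecialchars($_GET["a"], ENT_QUOTES, "UTF-8"), "<br>";
include $file;
```

With this version, a request with a=/etc/passwd gets a 404 because the value is not a key in $pages.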
Use PHP and MySQL together with the login page written earlier for simple user authentication. Here you can refer to the login.php written by the teacher; the code is as follows. Note: this has been changed compared with the code of many senior students, otherwise the later steps will not work! Many students have confirmed this by experiment.
<?php
$uname = $_POST["username"];
$pwd = $_POST["password"];
echo $uname;
$query_str = "SELECT * FROM users where username='$uname' and password='$pwd';";
$mysqli = new mysqli("127.0.0.1", "lzw", "970828", "wldk_db");
/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}
echo "Connection ok!";
/* Select queries return a resultset.
   query() runs a single statement; it is swapped for multi_query()
   only during the injection test further down. */
if ($result = $mysqli->query($query_str)) {
    if ($result->num_rows > 0) {
        echo "<br> Welcome login mr/mrs:{$uname} <br>";
    } else {
        echo "<br> login failed!!!! <br>";
    }
    /* free result set */
    $result->close();
}
$mysqli->close();
?>
- The method in the first line is changed to POST. Either GET or POST works, but remember to keep it consistent with the method in the HTML file.
- In line five, users is my own table name; change it to match your own setup.
- Also in line five, the original read username='{$uname}' and password='{$pwd}'; remember to delete the curly braces. After all, when we write a select ... where in the database ourselves, where would curly braces come from?
- In line six, "lzw" is another, non-root MySQL user of mine (logging in as root gives access denied), 970828 is the lzw user's password, and wldk_db is a database belonging to that user.
Change the action attribute of the form in the previously written login page login_test.html from # to login.php so that it jumps to login.php, then open the login page in Firefox at localhost:80/login_test.html.
- Enter the user name and password in the form and log in for user authentication.
- If it is successful, this is the welcome page:
- If connecting to the database fails, the workaround is to create a new user, as described above.
- If the correspondence between database, table and fields is not clear, authentication easily fails; this is the
SQL injection attacks, XSS attacks
SQL injection: by inserting SQL commands into a web form submission, or into the query string of a domain name or page request, the attacker ultimately tricks the server into executing malicious SQL commands. Specifically, it uses an existing application to inject (malicious) SQL commands into the back-end database engine for execution: by entering (malicious) SQL statements in a web form, the attacker can get at the database of a website that has a security vulnerability, instead of the SQL statements being executed as the designer intended.
- Enter the following in the user name input box; with any password, the login succeeds:
' or 1=1#
- The principle is that the entered user name and the SELECT statement in our code are combined into:
select * from users where username='' or 1=1#' and password=''
The # acts as a comment character, so everything after it is commented out, and 1=1 is always true, so the condition always holds and the login succeeds. This came up in Information System Security before; so this is how it works.
- We can also use SQL injection to save a user name and password in the database, but the earlier code has to be modified first, because this condition in the earlier code
if ($result = $mysqli->query($query_str))
does not allow multiple SQL statements to be executed. Change it to
if ($result = $mysqli->multi_query($query_str))
so that multiple SQL statements can be executed.
- Enter the following in the user name input box:
';insert into users values('20155313','961222');#
Taken apart, this is SELECT * FROM users WHERE username=''; followed by insert into users values('20155313','961222');. After submitting, the page reports a login failure. Failed? Not really: the insert went through, hahaha:
- Remember to change the code that executes the SQL statement back, or the login will fail again:
if ($result = $mysqli->query($query_str))
Then enter the new user name and password, and the login succeeds.
XSS attacks: Cross-Site Scripting is abbreviated as XSS so that it is not confused with the abbreviation of Cascading Style Sheets (CSS). XSS is a computer security vulnerability that often appears in web applications; it allows malicious web users to embed code into pages that are served to other users. Such code includes, for example, HTML and client-side script. An attacker can use an XSS vulnerability to bypass access controls such as the same-origin policy. This type of vulnerability is widely known because hackers use it to write more damaging phishing attacks. Among hackers, the consensus about cross-site scripting is that it is a new type of "buffer overflow attack", and JavaScript is the new "ShellCode".
- Save a lovely picture in the /var/www/html directory.
- In the user name input box, enter the following to read the picture under the /var/www/html directory:
balabala</a>
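Both tests above work because login.php builds the SQL string from the form input and echoes the user name back without encoding it. An added example (not the teacher's code and not part of the original post) of the same login.php with a prepared statement and HTML-encoded output; it reuses the lab's connection values and assumes the users table has username and password columns as in the query above:

```php
<?php
// Added example: login.php with the query parameterised and output encoded.
// Connection values and the users(username, password) table are the lab's own.
$uname = $_POST["username"] ?? "";
$pwd   = $_POST["password"] ?? "";
if (!is_string($uname) || !is_string($pwd)) {
    http_response_code(400);
    exit("Bad request");
}

$mysqli = new mysqli("127.0.0.1", "lzw", "970828", "wldk_db");
if ($mysqli->connect_errno) {
    error_log("Connect failed: " . $mysqli->connect_error); // log, do not echo
    exit("Service unavailable");
}

// Placeholders keep the input as data: "' or 1=1#" is compared as a
// literal user name, and a prepared statement holds exactly one
// statement, so a stacked "; insert ..." cannot run.
$stmt = $mysqli->prepare(
    "SELECT 1 FROM users WHERE username = ? AND password = ?"
);
if ($stmt === false) {
    error_log("Prepare failed: " . $mysqli->error);
    exit("Service unavailable");
}
$stmt->bind_param("ss", $uname, $pwd);
$stmt->execute();
$stmt->store_result();   // buffer the rows so num_rows is populated

if ($stmt->num_rows > 0) {
    // Encode for HTML so markup typed into the form is shown as text.
    $safe = htmlspecialchars($uname, ENT_QUOTES, "UTF-8");
    echo "<br> Welcome login mr/mrs:{$safe} <br>";
} else {
    echo "<br> login failed!!!! <br>";
}
$stmt->close();
$mysqli->close();
```

The table still stores passwords in plain text as in the lab; storing password_hash() output and checking it with password_verify() is the usual next step.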