20155207 EXP8 Web Foundation
Experiment Content
- (1) Web front-end HTML
- (2) Web front-end JavaScript
- (3) Web backend: MySQL basics: normal installation, starting MySQL, creating a database, creating a user, changing the password, creating a table
- (4) Web backend: Writing PHP Web pages, connecting databases, authenticating users
- (5) Simplest SQL injection, XSS attack test
Answers to basic questions
- (1) What is a form
- A form is the part of a Web page responsible for collecting information: the user enters information in the Web page, and the form submits it to the back end for the corresponding processing
- (2) What languages can the browser parse and run
- HTML and CSS; JS scripts are handled by calling the JS scripting engine; PHP is interpreted on the server side
- (3) What dynamic languages does a web server support
- ASP, PHP, JSP, Python
Practice process record
Apache
Launch Apache and view port occupancy
To check whether Apache is working properly, access localhost:80 in Firefox, which displays the Google landing page intercepted by Apache
Writing Web pages
Front-end programming
- Write a simple HTML page for login
The method parameter is get, so the submitted input values are displayed in the URL
JavaScript: write code that checks whether the password is empty
- Test by entering an empty password
- A dialog box pops up
Back-end programming PHP
- Write PHP to try to get form data
- The form is submitted using the POST method, so the PHP must be changed to read the data using the POST method
MySQL
Install and start MySQL
Go to MySQL:
Enter /etc/init.d/mysql start
to start the MySQL service,
then enter mysql -u root -p
to log in as root and enter the password at the prompt (the default password is [email protected]); you are now in MySQL.
Change the password: the default password is hard to remember, so you can change it
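- Enter use mysql; to select the mysql database
- Enter select user, password, host from user; to display the user names, passwords and permissions already in the mysql database
- Enter UPDATE user SET password=PASSWORD("新密码") WHERE user='root'; to change the password of the user root (新密码 stands for the new password)
- Enter flush privileges; to refresh the privileges
- Enter quit to exit, then log in to mysql again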
- Re-enter mysql -u root -p and log in with the new password.
Create a database and a new table. The commands are as follows (库名 stands for the database name):
create database 库名;
use 库名;
create table gyl (userid VARCHAR(100),username VARCHAR(45),password VARCHAR(256),enabled VARCHAR(5));
- Table name: users; four fields: UserID, username, password, enabled; primary key: UserID
Add an account to the table
SQL injection
- In the user name field of the Web login, enter
' or 1=1#
and enter any password; the synthesized SQL query statement is then select * from users where username='' or 1=1#' and password=md5('')
SQL injection means inserting SQL commands into a Web form submission, or into the query string of a domain name or page request, so that the server is eventually deceived into executing malicious SQL commands. By entering (malicious) SQL statements in a Web form, one can obtain the database of a Web site that has this security vulnerability.
Modify the code to allow multiple statements to be executed; SQL injection can then save a user name and password in the database
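The login query above, as an added example (not code from the original page): concatenating the form input reproduces the injected statement, while a parameterized query treats the same input as plain data. Python with an in-memory SQLite database stands in for the page's PHP and MySQL; the account alice, the enabled value 'TRUE' and the salted PBKDF2 storage format are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

def build_query_unsafe(username, password):
    """Concatenation as in the vulnerable login page; shown only as a string."""
    return ("select * from users where username='" + username +
            "' and password=md5('" + password + "')")

def hash_password(password, salt=None):
    """Salted PBKDF2 in place of bare md5; stored as salt$digest (fits VARCHAR(256))."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def login_safe(conn, username, password):
    """The username is bound as a parameter, so it is compared as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT password FROM users WHERE username = ? AND enabled = 'TRUE'",
        (username,)).fetchone()
    if row is None:
        return False
    salt = bytes.fromhex(row[0].split("$")[0])
    return hmac.compare_digest(hash_password(password, salt), row[0])

def make_demo_db():
    """Constructed sample data; in-memory SQLite stands in for the page's MySQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid VARCHAR(100) PRIMARY KEY, "
                 "username VARCHAR(45), password VARCHAR(256), enabled VARCHAR(5))")
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 ("1", "alice", hash_password("correct horse"), "TRUE"))  # constructed account
    return conn

if __name__ == "__main__":
    payload = "' or 1=1#"  # the user name input from the page
    conn = make_demo_db()
    print(build_query_unsafe(payload, ""))           # the synthesized statement from the page
    print(login_safe(conn, payload, "anything"))     # input matches no user name
    print(login_safe(conn, "alice", "correct horse"))
```

In PHP the same fix is a prepared statement with bound parameters instead of building the query string from the form fields.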
XSS attack
- In the login user name field, enter: 5207, which reads the picture under the /var/www/html directory