20155207 EXP8 Web Foundation

Source: Internet
Author: User
Tags button type install php

20155207 EXP8 Web Foundation Experiment Content
    • (1) Web front-end HTML
    • (2) Web Front End Javascipt
    • (3) Web backend: MySQL Foundation: normal installation, start MySQL, build library, create user, change password, build table
    • (4) Web backend: Writing PHP Web pages, connecting databases, authenticating users
    • (5) Simplest SQL injection, XSS attack test
Basic question Answer
    • (1) What is a form
    • In the Web page is responsible for information collection, in the Web page user input information, through the form can be submitted to the background for the corresponding processing
    • (2) browser can parse what language to run
    • HTML, Css,js script will call the JS scripting engine to handle, PHP interpretation is performed on the server side
    • (3) What dynamic languages are supported by webserver
    • ASP, PHP, JSP, Python
Practice process Recording Apache
    • Launch Apache, view port occupancy

    • Detects if Apache is working properly, Fierfox access localhost:80 , and displays the Google landing page intercepted by Apache

Writing Web pages
    • Test: Apache reads files under working directory
    • Input string

    • Browser opens Localhost:80/test.txt

Front-end programming
    • Write a simple HTML page for login

    • The method parameter is get, so the input value is displayed in the URL, submitted

    • JavaScript, write code that tests whether the password is empty

    • Test, enter an empty password
    • Popup dialog box

Back-end programming PHP
    • Install PHP
    • Test PHP

    • Write PHP to try to get form data

    • The form is submitted using the Post method, and PHP needs to be modified using the POST method

Mysql
    • Install start MySQL

    • Go to MySQL:

Enter /etc/init.d/mysql start the MySQL service to open,
Enter mysql -u root -p , log in as root, enter the password according to the prompt, the default password is [email protected], enter MySQL;

    • Change Password: The previous default password is not good to remember, you can change the password

      输入use mysql;选择mysql数据库输入select user, password, host from user;显示mysql库中已有的用户名、密码与权限输入UPDATE user SET password=PASSWORD("新密码") WHERE user=‘root‘;更改用户名root的密码输入flush privileges;更新权限。输入quit退出,重新登录mysql
    • Re mysql -u root –p -enter and log in with the new password.
    • Create a database and a new table. The command is as follows:

      create database 库名;use 库名;create table gyl (userid VARCHAR(100),username VARCHAR(45),password VARCHAR(256),enabled VARCHAR(5));
    • Table name users four fields UserID, username, password, enabled primary key UserID
    • Add an account to a table

SQL injection
    • In the user name of the Web login ‘ or 1=1# , enter the password casually, this time the synthesized SQL query statement isselect * from users where username=‘‘ or 1=1#‘ and password=md5(‘‘)

    • You can get a database on a Web site that has a security vulnerability by entering (a malicious) SQL statement in a Web form, by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually reaching a malicious SQL command that deceives the server.

    • Modify code to allow multiple executions, SQL injection to save the user name and password in the database

XSS attack
    • In the logged in user name, enter: 5207, read the picture under the/var/www/html directory

20155207 EXP8 Web Foundation

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.