20155324 The Web Security Foundation practice of network countermeasure technology

Source: Internet
Author: User
Tags: sql injection attack, csrf attack

20155324 "Network countermeasure Technology" Web Security Foundation Practice Experiment Content

Use Webgoat for XSS attacks, CSRF attacks, SQL injection

Experimental questions and answers

SQL injection attack: principle and how to defend against it

① An SQL injection attack is one in which the attacker appends extra SQL to a predefined query in a web application, for example by supplying SQL fragments as the user name, so that an ordinary web page returns database information; the server is tricked into executing the attacker's malicious SQL command.

② Filter the input data and encrypt the passwords stored in the database.

XSS attack: principle and how to defend against it

① The attacker injects executable code into a web page; when the browser executes it, the attack succeeds.

② Validate user-entered data, and do not let executable code or special characters through.

CSRF attack: principle and how to defend against it

① CSRF (cross-site request forgery) is a malicious use of a web site: it exploits the site's trust in its user by disguising a forged request as one sent by that trusted user.

② Regularly clear saved cookies, and require a random verification code.

Experimental process

Enter the command to start WebGoat.

In the browser, enter localhost:8080/webgoat to open WebGoat.

SQL practice: String SQL Injection
    • The form is only meant to return one person's information; use SQL injection to show the entire table
    • Construct the statement ' or 1 = '1 and successfully obtain all the information

Numeric SQL Injection
    • The form lets the user see weather data for one station; use SQL injection to see all the data
    • Modify the station value from 101 to 101 or 1=1; the SQL statement shown in the response on the right is SELECT * FROM weather_data WHERE station = 101 or 1=1

Go back to the browser and click Go: the page shows the experiment succeeded, although it did not display all the information, which is a bit awkward.

Command Injection
    • The task requires executing arbitrary system commands on the target host
    • Modify the page source directly, appending "&&ifconfig" after one of the option values

Go back to the browser, select the option just modified, and submit.

Blind Numeric SQL Injection
    • Obtain the value of the field pin stored in the pins table, in the row with cc_number=1111222233334444; it is an int
    • Try the default value 101; the page shows "account number is valid", meaning the condition is true

Then narrow the upper and lower bounds by bisection to obtain the answer 2364.

SQL Injection Lab (Lab SQL Injection)
    • Stage 1: String SQL Injection
    • Use string SQL injection to log in to the boss's account without the correct password
    • Logging in directly shows failure

    • Change the password to ' or 1=1-- to bypass the password check
    • But the password field only accepts 8 characters, so change the field's length limit

Login successful
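The string and numeric injections used in Stage 1 and Stage 3 above, reproduced against a tiny in-memory table so the vulnerable concatenated queries can be compared with parameterised ones. This is an added example written for this page, not WebGoat's own code; the employee rows and passwords are constructed.

```python
import sqlite3

# Constructed sample data standing in for WebGoat's employee table.
EMPLOYEES = [(101, "larry", "larrypw", 4000), (102, "boss", "bosspw", 9000)]


def _db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employee (userid INT, username TEXT, password TEXT, salary INT)")
    con.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", EMPLOYEES)
    return con


def login_vulnerable(username, password):
    """Stage 1 style: the password text is pasted into the SQL, so ' or 1=1-- ends the
    string, adds an always-true condition and comments out the closing quote."""
    sql = "SELECT username FROM employee WHERE username = '%s' AND password = '%s'" % (username, password)
    return [r[0] for r in _db().execute(sql)]


def login_safe(username, password):
    """Same query with bind parameters: the quote and the -- stay inside the value."""
    sql = "SELECT username FROM employee WHERE username = ? AND password = ?"
    return [r[0] for r in _db().execute(sql, (username, password))]


def salary_vulnerable(userid):
    """Stage 3 style: a numeric field pasted in without quotes, so no quote is needed;
    '101 or 1=1 ORDER BY salary DESC' returns every row with the boss first."""
    sql = "SELECT username, salary FROM employee WHERE userid = %s" % userid
    return _db().execute(sql).fetchall()


def salary_safe(userid):
    """Check the type first, then bind: anything that is not an integer is refused."""
    try:
        uid = int(userid)
    except ValueError:
        return []
    sql = "SELECT username, salary FROM employee WHERE userid = ?"
    return _db().execute(sql, (uid,)).fetchall()


if __name__ == "__main__":
    print(login_vulnerable("boss", "' or 1=1--"))                 # every row comes back
    print(login_safe("boss", "' or 1=1--"))                       # []
    print(salary_vulnerable("101 or 1=1 ORDER BY salary DESC"))   # boss listed first
    print(salary_safe("101 or 1=1 ORDER BY salary DESC"))         # []
```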

    • Stage 3: Numeric SQL Injection
    • View the boss's account information through an ordinary employee's account
    • After logging in, we find we can only see Larry's own payroll information

Change one of the value attributes to 101 or 1=1 order BY salary DESC

Log in again and the boss's information is shown

Log Spoofing
    • Exploit the log format to deceive administrators, using characters such as line breaks
    • Enter 5240%0d%0alogin succeeded for Username:admin as the user name; the log then shows a successful login
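How the spoofed user name above splits one log entry into two, and the sanitising step that keeps it on one line. Added example for this page, not WebGoat's code; the log message format is assumed.

```python
import urllib.parse

# Constructed input: the lesson's spoofed user name as it arrives URL-encoded.
SPOOFED = "5240%0d%0aLogin succeeded for username: admin"


def decode_form_value(raw):
    """The server decodes %0d%0a into a real CR LF before the value is logged."""
    return urllib.parse.unquote(raw)


def log_line_vulnerable(username, success):
    """Writes the decoded user name straight into the log message."""
    status = "succeeded" if success else "failed"
    return "Login %s for username: %s" % (status, username)


def sanitize_for_log(value):
    """Neutralise control characters so one field can never become two log lines."""
    out = []
    for ch in value:
        if ch in "\r\n\t" or not ch.isprintable():
            out.append("\\x%02x" % ord(ch))   # render the byte visibly instead of emitting it
        else:
            out.append(ch)
    return "".join(out)


def log_line_safe(username, success):
    status = "succeeded" if success else "failed"
    return "Login %s for username: %s" % (status, sanitize_for_log(username))


if __name__ == "__main__":
    name = decode_form_value(SPOOFED)
    print(log_line_vulnerable(name, False))   # two lines; the second claims admin logged in
    print(log_line_safe(name, False))         # one line, with \x0d\x0a visible
```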

    • Database Backdoors
    • Enter the injection statement 101; Update employee set salary=10000, which successfully raises the user's salary to 10000

Using the statement 101; CREATE TRIGGER Lsjbackdoor before INSERT on employee for each ROW BEGIN UPDATE employee SET email= '[email protected] ' WHERE userid = New.userid creates a backdoor that sets the mailbox of every user inserted into the table to my own.

XSS attack
    • Phishing with XSS
    • Inject front-end code into the input box, which displays the following page

Enter a user name and password and submit; the credentials are intercepted.

Reflected XSS (Reflected XSS Attacks)
    • If we enter wrong user information, the server's input check fails and it returns an error page that displays the erroneous content
    • Use the attack URL http://www.targetserver.com/search.asp?input= as the input source; a dialog box pops up

Stored XSS (Stored XSS Attacks)

Send a message to the user; when the user opens it, the JS code hidden inside the message runs and steals the cookies.

CSRF attack: CSRF Prompt By-Pass
    • A malicious request is delivered by email, using two IFRAME elements: the second one supplies the confirmation the request requires

<iframe src="attack?screen=own src&menu=own menu&transferfunds=5000">

<iframe src="attack?screen=own src&menu=own menu&transferfunds=confirm">
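Why the two iframes succeed, and the check that stops them: the browser attaches the victim's session cookie to both requests, but a transfer handler that also demands a token bound to that session rejects them. Added example for this page, not WebGoat's own handler; the session id, balance, key and cookie name are constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = b"constructed-demo-key"   # placeholder, not a real secret

# Constructed state: one logged-in session and its balance.
BALANCES = {"sid-1234": 10000}


def csrf_token(session_id):
    """Token bound to the session; an attacker's page cannot read it cross-origin."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(cookies, params):
    """Server-side transferfunds handler. Returns (status, balance after the call)."""
    sid = cookies.get("JSESSIONID")
    if sid not in BALANCES:
        return 401, None
    token = params.get("csrf_token", [""])[0]
    if not hmac.compare_digest(token, csrf_token(sid)):
        return 403, BALANCES[sid]           # the cookie alone is not enough
    amount = int(params.get("transferfunds", ["0"])[0])
    BALANCES[sid] -= amount
    return 200, BALANCES[sid]


def forged_iframe_request(src):
    """What the browser sends when it loads the lesson's <iframe src=...>: the victim's
    cookie is attached automatically, but the query string is the attacker's."""
    params = parse_qs(urlsplit(src).query)
    return handle_transfer({"JSESSIONID": "sid-1234"}, params)


def legitimate_request(amount):
    """A form rendered by the site itself carries the session's token."""
    params = {"transferfunds": [str(amount)], "csrf_token": [csrf_token("sid-1234")]}
    return handle_transfer({"JSESSIONID": "sid-1234"}, params)


if __name__ == "__main__":
    print(forged_iframe_request("attack?screen=own src&menu=own menu&transferfunds=5000"))
    print(forged_iframe_request("attack?screen=own src&menu=own menu&transferfunds=confirm"))
    print(legitimate_request(5000))
```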


Experiment summary and experience

This experiment let me see that attacks can be carried out in many ways; the Internet really cannot be taken lightly, otherwise one gets attacked.
