Learn about common PHP application security threats so that your PHP applications are not compromised. This article lists 6 common PHP security attacks; you are welcome to read and learn from it.
1. SQL injection
SQL injection is a malicious attack that alters the SQL a program executes by entering SQL fragments into form fields. A related attack injects through system() or exec() calls; it has the same mechanism as SQL injection, but targets shell commands instead.
<?php
// Vulnerable example: the submitted username is spliced directly into the SQL string
$username = $_POST['username'];
$query = "SELECT * FROM auth WHERE username = '" . $username . "'";
echo $query;
$db = new mysqli('localhost', 'demo', 'demo', 'demodemo');
$result = $db->query($query);
if ($result && $result->num_rows) {
    echo "<br/>logged in successfully";
} else {
    echo "<br/>login failed";
}
The code above neither filters nor escapes the user-supplied value ($_POST['username']) on its first line. Depending on what $username contains, the query may fail, return rows it should not, or even damage the database, because the input can turn your SQL statement into a different one.
Prevent SQL injection
Options:
Filter the data with mysql_real_escape_string()
Manually check that each value has the expected data type
Use prepared statements and bind variables
Using prepared statements:
Separates the data from the SQL logic
Bound parameters are filtered (escaped) automatically
Adopt it as a coding standard so that new team members avoid the problems above
<?php
$db = new mysqli('localhost', 'demo', 'demo', 'demodemo');
// The SQL text contains only a placeholder; the value is bound separately
$query = 'SELECT Name, District FROM city WHERE CountryCode = ?';
if ($stmt = $db->prepare($query)) {
    $countrycode = 'HK';
    $stmt->bind_param('s', $countrycode);   // 's' binds the value as a string
    $stmt->execute();
    $stmt->bind_result($name, $district);
    while ($stmt->fetch()) {
        echo $name . ', ' . $district;
        echo '<br/>';
    }
    $stmt->close();
}
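The vulnerable login from the start of this section, rewritten with a prepared statement. This is an added example, not code from the article; it assumes the auth table has a password_hash column holding password_hash() values (an assumption, the article only shows the username column).

```php
<?php
// Added example: the login check with the username bound as a parameter.
// Assumes table `auth` has columns `username` and `password_hash` (assumption).
function login(mysqli $db, string $username, string $password): bool
{
    // The SQL text is fixed; the username travels separately as a bound value,
    // so quotes or comment markers inside it cannot change the statement.
    $stmt = $db->prepare('SELECT password_hash FROM auth WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();

    // Verify against the stored password_hash() value; never compare plaintext.
    return $found === true && password_verify($password, $hash);
}

$db = new mysqli('localhost', 'demo', 'demo', 'demodemo');
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (login($db, $username, $password)) {
    echo '<br/>logged in successfully';
} else {
    echo '<br/>login failed';
}
```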
2. XSS attack
XSS (cross-site scripting) is an attack in which a user submits data to your website that contains client-side script (usually JavaScript). If that data is later output to another web page without being filtered, the script is executed in the other visitor's browser.
Receive user-submitted text content
<?php
// Helpers used by the article's example, defined here so the snippet runs
function get_saved_contents_from_file($path) { return file_get_contents($path); }
function save_contents_to_file($path, $data) { file_put_contents($path, $data); }

if (file_exists('comments')) {
    $comments = get_saved_contents_from_file('comments');
} else {
    $comments = '';
}
if (isset($_POST['comment'])) {
    // Vulnerable: the submitted comment is stored and later echoed unescaped
    $comments .= '<br/>' . $_POST['comment'];
    save_contents_to_file('comments', $comments);
}
?>
Output content to (another) user
<form action="xss.php" method="POST">
Enter your comments here: <br/>
<textarea name="comment"></textarea> <br/>
<input type="submit" value="Post comment"/>
</form>
<?php echo $comments; ?>
What can happen?
Annoying pop-up windows
Page refreshes or redirects
Defacing a web page or form
Stealing cookies
Sending requests on the victim's behalf with AJAX (XMLHttpRequest)
Prevent XSS attacks
To prevent XSS attacks, pass the data through PHP's htmlentities() function before outputting it to the browser. The basic usage of htmlentities() is simple, but it has many additional options; see the XSS cheat sheet.
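The comment page from this section with escaping applied at output time. This is an added example, not the article's code; it assumes comments are stored one per line in the file 'comments' (an assumption).

```php
<?php
// Added example: the comment form with output escaping via htmlentities().
// Assumed storage: one comment per line in the file 'comments'.
function escape_for_html(string $text): string
{
    // ENT_QUOTES escapes both quote styles, so the value is also safe inside
    // attributes; the explicit charset avoids multibyte encoding tricks.
    return htmlentities($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$file = 'comments';
$comments = file_exists($file) ? file($file, FILE_IGNORE_NEW_LINES) : [];

if (isset($_POST['comment'])) {
    // Store the raw text; escaping happens once, at output, for the HTML context.
    $comments[] = str_replace(["\r", "\n"], ' ', $_POST['comment']);
    file_put_contents($file, implode("\n", $comments));
}
?>
<form action="xss.php" method="POST">
Enter your comments here: <br/>
<textarea name="comment"></textarea> <br/>
<input type="submit" value="Post comment"/>
</form>
<?php
foreach ($comments as $comment) {
    // A comment like <script>alert(1)</script> is shown as text, not executed.
    echo escape_for_html($comment) . '<br/>';
}
```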
3. Session fixation
Session security: suppose the PHPSESSID is hard to guess. However, PHP accepts a session ID from a cookie or from the URL, so an attacker can trick a victim (for example through a phishing link) into using a session ID the attacker already knows.
4. Session capture and hijacking
This is the same idea as session fixation, but here the attacker steals the session ID. If the session ID is stored in a cookie, it can be stolen through XSS and JavaScript. If the session ID is carried in the URL, it can also be obtained by sniffing the traffic or from a proxy server.
Prevent session capture and hijacking
Regenerate the session ID
If you use sessions, make sure the user is on SSL
5. Cross-site request forgery (CSRF)
A CSRF attack is a request that appears to come from a trusted user of the site, but was not made intentionally by that user. It has a number of variants, such as the following example:
Prevent cross-site request forgery
In general, make sure that submissions really come from your form, and tie every form you send out to the user who received it. Two points to remember:
Apply appropriate security measures to user sessions, such as regenerating the ID for each session and using SSL for the user.
Generate a one-time token, embed it in the form, save it in the session (as a session variable), and check it on submission.
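The session hardening from sections 3 and 4 together with the one-time CSRF token described above, as one added example (not the article's code). The php.ini options beyond the article's two points (cookies only, strict mode, HttpOnly) are standard PHP session settings; the form action and field names are assumptions.

```php
<?php
// Added example: session hardening plus a per-form CSRF token.
// Session settings must be applied before session_start().
ini_set('session.use_only_cookies', '1');   // ignore session IDs passed in the URL
ini_set('session.use_strict_mode', '1');    // reject IDs the server never issued
ini_set('session.cookie_httponly', '1');    // keep the cookie away from JavaScript
ini_set('session.cookie_secure', '1');      // send the cookie over HTTPS only
session_start();

// Issue a fresh session ID (e.g. after login) so a fixated or captured ID dies.
function renew_session_id(): void
{
    session_regenerate_id(true);
}

// One-time token: stored in the session, embedded in the form, checked on submit.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    unset($_SESSION['csrf_token']);          // single use: consumed on first check
    return $submitted !== null && $expected !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('invalid form submission');
    }
    renew_session_id();
    echo 'form accepted';
}
?>
<form action="" method="POST">
<input type="hidden" name="csrf_token"
       value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>"/>
<input type="submit" value="Submit"/>
</form>
```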
6. Code Injection
Code injection happens when invalid data is processed through a vulnerability in the application. The problem is that arbitrary code gets executed unintentionally, usually because it is contained in an included file. Poorly written code can allow a remote file to be included and executed. Many PHP functions, such as require, accept either a URL or a filename, for example:
<form>Choose theme:
<select name="theme">
<option value="blue">blue</option>
<option value="green">green</option>
<option value="red">red</option>
</select>
<input type="submit"/>
</form>
<?php
// Vulnerable: the theme name comes straight from the request
// (the original relied on register_globals to populate $theme)
$theme = $_GET['theme'] ?? null;
if ($theme) {
    require($theme . '.txt');
}
?>
In the example above, the user can supply a value beginning with "http://" as the file name (or as part of it), so a remote file is fetched, included and executed.
Prevent code injection
Filter user input
Disable allow_url_fopen and allow_url_include in php.ini. This stops require/include/fopen from opening remote files.
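The theme include from this section with the user value filtered against an allowlist and resolved to a path inside a fixed directory. This is an added example, not the article's code; it assumes the theme files live in ./themes/ (an assumption).

```php
<?php
// Added example: validate the theme name before it reaches require().
// Assumes theme files are stored under ./themes/ (assumption).
function theme_file(?string $theme): ?string
{
    // Only the values the form actually offers are accepted; URLs, ../ sequences
    // and stream wrappers never reach require().
    $allowed = ['blue', 'green', 'red'];
    if ($theme === null || !in_array($theme, $allowed, true)) {
        return null;
    }
    $base = realpath(__DIR__ . '/themes');
    $path = realpath($base . '/' . $theme . '.txt');
    // Second line of defence: the resolved path must stay under the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = theme_file($_GET['theme'] ?? null);
if ($path !== null) {
    require $path;
} else {
    echo 'unknown theme';
}
```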
Other general principles
1. Do not rely on server configuration to protect your application, especially when your web server/PHP is managed by your ISP, or when your site may be migrated or deployed elsewhere now or in the future. Embed security-aware checks and logic (HTML, JavaScript, PHP, and so on) in your site's own code.
2. Design the server-side security scripts:
-for example, a single point of authentication and data cleansing that every request passes through
-for example, a PHP function/file included on every security-sensitive page that performs all login/security checks
3. Keep your code up to date and apply the latest patches.