This article is about common PHP attacks (6 kinds of attack details), here to share to you, you can also give people in need of help a reference, let's have a look
1. SQL injection
SQL injection is a malicious attack that affects normal SQL execution by entering SQL statements in form fields. Another is injected through the system () or EXEC () command, which has the same SQL injection mechanism, but only for shell commands.
[python] view plain copy
-
$username = $_post[ ' username '
$query = "select * FROM auth where username = '". $username. "'" ;
Echo $query;
$db = new mysqli (' localhost ', ' demo', 'demo',' Demodemo ');
$result = $db->query ($query);
if ($result && $result->num_rows) {
echo "<br/>logged in successfully";
} Else {
echo "<br/>login failed";
}
To prevent SQL injection options:
* Filter data using mysql_real_escape_string ()
* Manually check if each data is the correct data type
* Use preprocessing statements and bind variables
* Use prepared pre-processing statements
* Separating data and SQL logic
* Preprocessing statements are automatically filtered (e.g. escaped)
* Use it as a coding standard to help new team members avoid encountering the above problems
[python] view plain copy
$query = ' select name, district from city where Countrycode=? ' ;
if ($stmt = $db->prepare ($query)) {
$countrycode = ' hk ';
$stmt->bind_param ("s", $countrycode);
$stmt->execute ();
$stmt->bind_result ($name, $district);
while ($stmt ($stmt->fetch ()) {
Echo $name. ', ' . $district;
echo ' <br/> ';
}
$stmt->close ();
}
2. XSS attack
XSS (cross-site scripting attacks) is an attack in which users enter some data into your website, which includes client-side scripting (usually JavaScript). If you do not filter the output data to another Web page, this script will be executed. Receive user-submitted text content
What's going to happen?
* Annoying pop-up windows
* Refresh or redirect
* Damaged pages or forms
* Stealing cookies
*ajax (XMLHttpRequest)
Prevent XSS attacks
To prevent XSS attacks, use PHP's Htmlentities () function to filter and then output to the browser.
The basic usage of htmlentities () is simple, but there are many advanced controls, see the XSS Quick Check table.
3, Session fixed
Session security, suppose a phpsessid is hard to guess. However, PHP can accept a session ID via a cookie or URL. Thus, spoofing a victim can use a specific (or other) session ID or phishing attack.
4. Meeting Capture and hijacking
This is the same idea as session pinning, however, it involves stealing the session ID. If the session ID is stored in a cookie, the attacker can steal through XSS and JavaScript. If the session ID is included on the URL, it can also be obtained by sniffing or from the proxy server.
Prevent session capture and hijacking:
* Update ID
* If you are using a session, make sure that the user uses SSL
5. Cross-site request forgery (CSRF)
A csrf attack is a request made by a page that looks like a trusted user of the site, but not intentionally. It has a number of variants, such as the following example:
[python] view plain copy
-
' http://example.com/single_click_to_buy.php?user_id=123&item=12345 ' >
Prevent cross-site request forgery
In general, make sure that users come from your form and match every form that you send out. There are two points to be sure to remember:
Use appropriate security measures for user sessions, such as updating IDs for each session and using SSL for the user.
Generate another one-time token and embed it in the form, save it in the session (a session variable), and check it on commit.
6. Code Injection
Code injection is caused by the processing of invalid data by using a computer vulnerability. The problem is that when you accidentally execute arbitrary code, it is usually contained by a file. Poorly written code can allow a remote file to be included and executed. Many PHP functions, such as require, can contain URLs or filenames, for example:
[python] view plain copy
<form>
Choose Theme:
<select name = theme>
<option value = blue>blue</option>
<option value = green>green</option>
<option value = red>red</option>
</select>
<input type = submit>
</form>
<?php
if ($theme) {
Require ($theme. TXT ');
}
?>
In the example above, a file that begins with "http://" is passed as part of a file name or file name entered by the user.
Prevent Code injection
* Filter User input
* Disabled allow_url_fopen and Allow_url_include are set in php.ini. This disables the remote file for Require/include/fopen.
Other general principles
1. Do not rely on server configuration to protect your application, especially when your Web server/PHP is managed by your ISP, or when your site may be migrated/deployed elsewhere, and migrated/deployed elsewhere in the future. Embed security-aware checks/logic (HTML, JavaScript, PHP, and so on) in your site code.
2. Design the server-side security script:
-for example, single-point authentication and data cleansing using single-line execution
-for example, embed a PHP function/file on all security-sensitive pages to handle all login/security logic checks
3. Make sure your code is updated and the latest patches are being patched.
Related recommendations:
PHP attack site defense code-and attack code anti-translation _php tutorial