Examples: SQL injection attacks, XSS attacks, arbitrary code execution, file inclusion, and CSRF.
There are a lot of articles about SQL injection attacks and all kinds of anti-injection scripts, but none of them solves the underlying problem of SQL injection.
See Code:
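<?php
// Note: the mysql_* functions (ext/mysql) were removed in PHP 7.0.
mysql_connect("localhost", "root", "123456") or die("Database connection failed!");
mysql_select_db("Test1");
// Deliberately vulnerable: the POST values go into the SQL text unescaped.
$user = $_POST['uid'];
$pwd = $_POST['pass'];
$result = mysql_query("select * from admin where `username` = '$user' or `password` = '$pwd'");
if ($result && mysql_num_rows($result) > 0) {
echo "User login successfully ...";
} else {
echo "User name or password error";
}
?>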
This is a very simple piece of code that checks whether a user name or password is correct, but a malicious attacker can submit specially crafted input to it, and the consequences can be imagined. The POST check can be injected in 2 different ways.
1. Enter "or '1'=1" or "and 1=1" in the text box of the form
The statement sent to the database then becomes:
SELECT * FROM admin WHERE username = '' or '1'=1' OR password = 'xxxx'
Of course, no error occurs, because OR in an SQL statement is a logical operator, just like AND. Of course, an error may also be shown.
At this point we find that, once the SQL statement has executed, all the information in the current table can be queried, for example the correct administrator account and password, which can then be used to log in.
Fix Scenario 1:
Use JavaScript to filter special characters (not recommended: it does not address the root cause).
If the attacker disables JavaScript, SQL injection attacks are still possible ...
Fix Scenario 2:
Use MySQL's own escaping function to filter the input.
See Code:
<?php
// The database connection code is omitted.
// Escape the value before it is placed inside the quoted SQL string.
$user = mysql_real_escape_string($_POST['user']);
mysql_query("select * from admin where `username` = '$user'");
?>
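The same login check with the input concatenated into the SQL text and with a prepared statement, as an added example that is not code from the original article. It assumes PHP 7.1 or later with the pdo_sqlite extension; the in-memory table, the credentials and the function names loginConcatenated and loginPrepared are constructed for illustration, and the query uses AND where the article's script uses OR. PDO is used because the mysql_* functions shown above were removed in PHP 7.0.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the article's `admin` table.
// The plaintext password column mirrors the article's schema; real systems store password_hash() output.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE admin (username TEXT, password TEXT)");
$db->exec("INSERT INTO admin VALUES ('admin', 'S3cret-constructed')");

// "Before": input is concatenated into the SQL text, as in the article's login script.
function loginConcatenated(PDO $db, string $user, string $pwd): bool
{
    $sql = "SELECT * FROM admin WHERE username = '$user' AND password = '$pwd'";
    try {
        return $db->query($sql)->fetch() !== false;
    } catch (PDOException $e) {
        return false; // the input produced malformed SQL
    }
}

// "After": placeholders keep the input out of the SQL text, so quotes in it stay data.
function loginPrepared(PDO $db, string $user, string $pwd): bool
{
    $stmt = $db->prepare("SELECT 1 FROM admin WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $user, ':p' => $pwd]);
    return $stmt->fetch() !== false;
}

// Constructed test inputs; the last one is the quote-breaking form the article describes.
$cases = [
    'valid credentials'    => ['admin', 'S3cret-constructed'],
    'wrong password'       => ['admin', 'guess'],
    'quote-breaking input' => ["' or '1'='1", "' or '1'='1"],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-22s concatenated=%s prepared=%s\n", $label,
        var_export(loginConcatenated($db, $u, $p), true),
        var_export(loginPrepared($db, $u, $p), true));
}
```

Only the concatenated version accepts the third case; the prepared statement compares the whole string against the stored user name and finds no row.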
Now that we've talked about SQL injection attacks, let's talk about XSS attacks and how to prevent them.
Submitting a form:
<form method="POST" action="">
<input type="text" name="test">
<input type="submit" name="sub" value="submitted">
</form>
Receive file:
<?php
// Deliberately vulnerable: the submitted value is echoed back without escaping.
if (!empty($_POST['sub'])) {
echo $_POST['test'];
}
?>
This is a very simple piece of code; it only simulates the usage scenario.
Suppose an attacker submits
<script>alert(document.cookie);</script>
The returned page will then display the cookie information for the current page.
The same thing can be done on message boards that do not filter input in advance: when the administrator reviews the message, the cookie information is stolen and sent to the attacker's space or mailbox. The attacker could then use a cookie editor to log in and break in.
Of course, there are many solutions. Here are some of the most common ways to do it.
Fix Scenario 1: Escape the input using JavaScript
Fix Scenario 2: Escape the output using PHP built-in functions
The code is as follows:
<?php
if (!empty($_POST['sub'])) {
$str = $_POST['test'];
// htmlentities() returns the escaped string; it does not modify its argument.
$str = htmlentities($str, ENT_QUOTES, 'UTF-8');
echo $str;
}
?>
Well, that about covers the examples of SQL injection attacks and XSS attacks and their fixes.
Of course, there are other solutions:
For example: using a PHP framework
There are other ways to do it as well. Of course, XSS has a wide range of uses and attack methods. This article only covers filtering submitted input in PHP; the rest you will need to study on your own ^_^ ~
This article comes from: Aey uhost team (team.hake.cc); please keep the copyright notice when reproducing it.
Y0umer
2012/6/7