Injection Attack of Web script attack

Concepts and principles of injection attacks

Injection vulnerability is a widespread vulnerability type in a Web server, the basic principle is that the Web program to the user input requests included in the illegal data check filter is not strict, so that the Web program to the user's exception input characters as normal code execution, so that the user unauthorized access to the Web server information.

An attack that exploits an injection vulnerability is called an injection attack, which is the most common threat in web security and is the biggest attack, including SQL injection, code injection, command injection, LDAP injection, XPath injection, and so on. To achieve injection attacks to have two key conditions, the first is that users can write the input data, and the second is that the execution code of the Web program is spliced user input data. The key to inject attack is to grasp the organizational characteristics of the injected database system, ensure that the injected data is spliced and conform to the Web Program syntax specification, and become the operation statement that can be executed correctly.

The principle of SQL injection

SQL injection Attack is the principle of the Web application after receiving the user's request parameters, if the request parameters are not strictly filtered or checked, and directly to the user's request parameters as part of the stitching SQL statement execution, An attacker could construct a small snippet of SQL code to be submitted to the Web application as a request parameter, thus allowing the SQL code to be interpreted by the background database program, allowing the attacker to implement the attack intent of the query operation background database.

To understand the principles of SQL injection, the following is a detailed description of the example.

Each time a user logs on to a website, they need to enter the user name and password in the form on the landing page. The following code is a simplified user login form HTML code, two basic form items in the form to receive the user's login input.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/58/B0/wKiom1S30ASz0gNTAACK3fwywdo501.jpg "title=" ~ {~~6) Fd]arhfl1}ge87_d.png "alt=" wkiom1s30asz0gntaack3fwywdo501.jpg "/>

The attacker fills in the UserID field "admin"--", passwd field fill" Password ", and click" Login "button to submit the form waiting for background program authentication.

The user-submitted data is directly part of a dynamically constructed SQL statement and is not checked, filtered, or escaped. Therefore, the SQL statements that are eventually executed in the background database server are as follows:

SELECT * from the members WHERE userid = ' admin '--' and passwd = ' password '

Because the symbol "--" is a comment token for many database management systems, such as MySQL and SQL Server, the above SQL statement is actually equivalent to the following SQL statement:

SELECT * FROM-members WHERE userid = ' admin '

In other words, the user does not need to enter a password to be the Admin user identity by the background of the Web application certification through.

Steps for SQL injection attacks

① first needs to determine whether the Web site can be SQL injected. There is no SQL injection problem if the URL address you are accessing is only access to a static Web page. SQL injection may exist only if the Web page that is visited contains a dynamic query to the background database.

② looking for SQL injection points. After you have completed the previous step, you need to look for a SQL injection vulnerability that can be exploited. The attacker constructs a database query statement to find the injection point by entering some special statements and judging the database type according to the browser return information.

③ uses injection vulnerabilities to query the background database and get or guess the user name and password. The length and content of the table name, field name, user name, and password stored in the database. This guessing process can be quickly realized through the online mass injection tool and easily cracked user passwords with the help of cracked websites.

④ look for Web management background portal, login with username password. Usually the Web background management interface is not open to ordinary users, attackers can use the scanning tool to quickly search for possible landing address, and then try, you can find the background management interface portal address, through the user name password to achieve login.

⑤ achieve successful intrusion and modification of the website. An attacker who logs on to the admin page will be able to make changes as they wish. and further invade the database server, the contents of the database exported, that is, drag library.

(Note: Sniffing, scanning, cryptographic algorithms, firewalls, VPNs, IDS, reverse engineering, common attack and protection methods, operating system security configuration, network device security Configuration, codec, password cracking, reverse engineering, SQL injection, cookie injection, spoofing technology, log analysis, network programming, scripting analysis, Buffer overflow, etc.)

Injection Attack of Web script attack