PHP general anti-injection and injection

Source: Internet
Author: User

PHP general anti-injection is mainly used to filter some SQL commands out of PHP POST and GET input, and is given here for reference. We want to filter out some illegal characters, which can prevent basic injection; it is also necessary to install and configure the Apache server properly. Both the administrator username and password are hashed with md5, which effectively prevents PHP injection.

The server and MySQL also require hardened security settings.
For Linux server security settings:
Use the /usr/sbin/authconfig tool to enable the password shadow function so that password hashes are kept in /etc/shadow.
Prohibit access to important files. At the Linux command line, enter:
# chmod 600 /etc/inetd.conf    // change the file mode to 600 (owner read/write only)
# chattr +i /etc/inetd.conf    // set the immutable attribute so the file cannot be modified or deleted, even by root, until it is cleared
# chattr -i /etc/inetd.conf    // clear the immutable attribute again when the file legitimately needs to change
Prohibit any user from becoming root through the su command.
Add the following two lines at the beginning of the su configuration file /etc/pam.d/su:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
Delete all special accounts:
# userdel lp     // delete unused users such as lp
# groupdel lp    // delete unused groups such as lp
Find and disable unused SUID/SGID programs:
# find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;

<?php
// Illegal characters and keywords to be filtered
$ArrFiltrate = array("'", ";", "union", "select", "insert", "update", "delete", "load_file", "outfile");

// URL to jump to after an error
$StrGoUrl = "";

// Returns true if any entry of $ArrFiltrate occurs in $StrFiltrate (case-insensitive).
// The original used eregi(), which was removed in PHP 7; stripos() gives the same
// result for these literal fragments.
function FunStringExist($StrFiltrate, $ArrFiltrate)
{
    foreach ($ArrFiltrate as $key => $value) {
        if (stripos($StrFiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST, $_GET and $_COOKIE (the original read $HTTP_POST_VARS etc., removed in PHP 5.4)
$String = "";
if (function_exists('array_merge')) {
    $ArrPostGetCookieSession = array_merge($_POST, $_GET, $_COOKIE);
    $String = implode("", $ArrPostGetCookieSession);
}

// Verify
if (FunStringExist($String, $ArrFiltrate)) {
    echo "<script language=\"javascript\">alert(\"Warning: invalid characters\");</script>";
} else {
    echo "<script language=\"javascript\">window.location=\"" . $StrGoUrl . "\";</script>";
}
?>

Section 2 anti-injection instance

<?php
/*************************
PHP general anti-injection security code
Note:
Determines whether the passed variables, such as $_POST and $_GET,
contain invalid characters.
Function:
Anti-injection
**************************/
// Invalid characters to be filtered
$ArrFiltrate = array("'", ";", "union");
// URL to redirect to after an error. If left blank, the previous page is shown by default.
$StrGoUrl = "";
// Whether any value in the array occurs in the string
// (eregi() was removed in PHP 7, so stripos() is used for the same case-insensitive match)
function FunStringExist($StrFiltrate, $ArrFiltrate) {
    foreach ($ArrFiltrate as $key => $value) {
        if (stripos($StrFiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}
// Merge $_POST and $_GET
$ArrPostAndGet = array();
if (function_exists('array_merge')) {
    $ArrPostAndGet = array_merge($_POST, $_GET);
} else {
    foreach ($_POST as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
}
// Verification starts
foreach ($ArrPostAndGet as $key => $value) {
    if (FunStringExist($value, $ArrFiltrate)) {
        echo "<script language=\"javascript\">alert(\"neeao prompt: invalid characters\");";
        if (empty($StrGoUrl)) {
            echo "history.go(-1);";
        } else {
            echo "window.location=\"" . $StrGoUrl . "\";";
        }
        echo "</script>";
        exit;
    }
}
?>
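The filter above only looks for a handful of characters and keywords, while the login query shown in the walkthrough below still has the username pasted straight into the SQL text. The following is an added example, not code from the article: the same login check written with PDO prepared statements, so the username travels as a bound value and is never parsed as SQL. The table alphaauthor (the name used in the walkthrough), its columns, and the DSN/user/password constants are assumptions.

```php
<?php
// Added example, not from the article. Assumes a MySQL table alphaauthor
// with columns username and password (the table name from the article's
// walkthrough) and the placeholder connection details below.
const DB_DSN  = 'mysql:host=localhost;dbname=site;charset=utf8mb4'; // assumed
const DB_USER = 'site';      // placeholder
const DB_PASS = 'changeme';  // placeholder

// Vulnerable form, shaped like the query in the article's walkthrough: the
// username is concatenated into the SQL text, so an input such as
//   char(97,108,112,104,97)#
// contains none of the blacklisted characters, yet the # turns the rest of
// the statement (the password check) into a comment.
function loginUnsafe(PDO $pdo, string $username, string $password): ?array
{
    $sql = "SELECT * FROM alphaauthor WHERE username=" . $username
         . " AND password='" . md5($password) . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: same query, bound parameters. The driver transmits the
// username as a value, never as SQL, so char(...), 0x... and # are simply
// bytes compared against the column; no character blacklist is needed.
function loginSafe(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM alphaauthor WHERE username = :u AND password = :p'
    );
    // The article stores md5(password); binding the hash keeps that scheme.
    $stmt->execute([':u' => $username, ':p' => md5($password)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO(DB_DSN, DB_USER, DB_PASS, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

$user = loginSafe($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '');
echo $user === null ? 'login failed' : 'welcome ' . htmlspecialchars($user['username']);
```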


Let's take a look at the injection details.

The username alpha converted to ASCII codes is char(97,108,112,104,97).
Its hexadecimal value is 0x616c706861.
(Hexadecimal and ASCII conversion tools are provided on the CD.)
All right, enter the following in the browser:

http://localhost/site/admin/login.php?username=char(97,108,112,104,97)%23


The SQL statement becomes:

select * from alphaauthor where username=char(97,108,112,104,97)# and password=


As we expected, it ran smoothly and we got what we wanted.
Of course, we can also construct

http://www.bKjia.c0m/site/admin/login.php?username=0x616c706861%23


The SQL statement becomes (the %23 in the URL is decoded to #):

select * from alphaauthor where username=0x616c706861# and password=


Once again we were successful. Quite a sense of accomplishment.

Maybe you will ask why we need char() here at all.
Actually char(97,108,112,104,97) is equivalent to 'alpha'.
Note that quotation marks have to be put around alpha to make it the string alpha.
We know that if you execute

mysql> select * from dl_users where username=alpha;
ERROR 1054 (42S22): Unknown column 'alpha' in 'where clause'

an error is returned, because MySQL treats the bare word alpha as a column name. So we have to put quotation marks around alpha,
as follows:

mysql> select * from dl_users where username='alpha';
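To see why the blacklist from the two anti-injection sections never fires on the requests in this walkthrough, here is an added example (not from the article): it decodes the two query strings the way PHP does for $_GET, runs them through the same fragment check, and compares that with an allow-list test on the username format. All inputs are constructed here, not captured traffic.

```php
<?php
// Added example, not from the article: the article's blacklist check versus
// an allow-list check, run over the walkthrough's two requests.

// Same test as the article's FunStringExist(): does the value contain any of
// the listed fragments, case-insensitively?
function blacklistHit(string $value, array $fragments): bool
{
    foreach ($fragments as $fragment) {
        if (stripos($value, $fragment) !== false) {
            return true;
        }
    }
    return false;
}

// Allow-list: a username is letters, digits and underscore, 1 to 32 chars.
// Anything else, including char(...), 0x..., # or quotes, is rejected before
// it gets anywhere near a query.
function isValidUsername(string $value): bool
{
    return preg_match('/^[A-Za-z0-9_]{1,32}$/', $value) === 1;
}

// The article's section 1 filter list.
$blacklist = ["'", ";", "union", "select", "insert", "update", "delete", "load_file", "outfile"];

// Constructed query strings: the two from the walkthrough plus a normal login.
$requests = [
    'username=char(97,108,112,104,97)%23',
    'username=0x616c706861%23',
    'username=alpha',
];

foreach ($requests as $qs) {
    parse_str($qs, $params);           // decodes %23 -> # just as PHP does for $_GET
    $username = $params['username'] ?? '';
    // Neither injected value contains a quote, semicolon or listed keyword, so
    // the blacklist passes both; the allow-list rejects both and accepts alpha.
    printf("%-28s blacklist: %-5s allow-list: %s\n",
        $username,
        blacklistHit($username, $blacklist) ? 'BLOCK' : 'pass',
        isValidUsername($username) ? 'accept' : 'reject');
}
```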

 
