"White hat Talk Web Security" The 7th chapter of the study note injection attack


Chapter 7: Injection Attacks

SQL injection requires two conditions: (1) the user can control the input, and (2) the SQL statement that is executed is built from the data the user submitted.

7.1 SQL Injection

SQL injection inserts SQL commands into a Web form submission or into the query string of a domain name or page request, so that the server is deceived into executing malicious SQL. For example, in many earlier leaks from film and television sites, most of the VIP member passwords were obtained because query characters were submitted through Web forms; such forms are particularly vulnerable to SQL injection attacks.

Blind injection:

Blind injection is an injection attack carried out when the server gives no error echo. Without error echo, the attacker lacks very important "debugging information", so the attacker needs some other way to verify that the injected SQL has been executed.

Blind injection is judged on the basis of several conditions: if the page shows no error under them, an injection point exists.

7.2 Database Attack Techniques

Using stored procedures on a Web site is not uncommon; although stored procedures can improve execution efficiency, they bring migration problems.

Database character sets need to be encoded uniformly, preferably as UTF-8.

7.3 Defending Correctly Against SQL Injection

Defense methods:

- Use precompiled statements (prepared statements)

- Use stored procedures

- Check data types

- Use safe functions
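As an added example (not code from the book or from the blog post), the following Python script uses the standard sqlite3 module on a constructed in-memory users table to show the first and third defenses above side by side: the same login query built by string splicing, which satisfies both injection conditions from the start of the chapter, and then as a precompiled statement with bound parameters, plus a data type check for a numeric id. The table contents and the helper names are assumptions made for this example.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table (not data from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def build_vulnerable_sql(name, password):
    # Conditions 1 and 2 from the notes: user-controlled input is spliced
    # straight into the SQL text, so the input can rewrite the statement.
    return ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
            % (name, password))


def login_vulnerable(conn, name, password):
    row = conn.execute(build_vulnerable_sql(name, password)).fetchone()
    return row[0] > 0


def login_prepared(conn, name, password):
    # Defense 1, precompiled statement: the SQL text is fixed and the values
    # are bound as parameters, so a quote in the input stays plain data.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] > 0


def check_user_id(value):
    # Defense 3, data type check: an id must be a decimal integer string
    # before it goes anywhere near a query; anything else is rejected.
    if not isinstance(value, str) or not value.isdigit():
        raise ValueError("user id must be a non-negative integer")
    return int(value)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(build_vulnerable_sql("alice", payload))
    print("vulnerable:", login_vulnerable(db, "alice", payload))  # True
    print("prepared:  ", login_prepared(db, "alice", payload))    # False
```

Printing the spliced SQL makes the point of condition 2 visible: the quote in the input closes the string literal and the rest of the input becomes part of the WHERE clause, whereas the bound parameter is compared as a whole value.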

7.4 Other Injection Attacks

XML injection:

XML injection works by rewriting the content of XML data. XML is typically used to store data; if user-supplied data is stored in XML, it is possible for an attacker to inject additional XML content that is not properly controlled.

Code injection:

JS: eval()

JSP: include

CRLF injection:

CR is the carriage return (ASCII 13, \r) and LF is the line feed (ASCII 10, \n).

Some ASCII code tables also write the line feed as newline (NL for short); here LF means line feed, and the meaning is the same.

Neither of these two ASCII characters produces any visible output on the screen, but together they are widely used in Windows to mark the end of a line. In Linux/Unix systems, only the line feed is used.

CRLF is the combination of CR and LF together.

This "CRLF" attack can be tested in the Eastern Red project.

The best defense against such injection attacks is to "separate the data from the code".


This article is from the "dream to think XI" blog; please keep this source: http://qiangmzsx.blog.51cto.com/2052549/1859551

"White hat Talk Web Security" The 7th chapter of the study note injection attack

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.