Script attack
1. What is SQL injection?
SQL injection means using the browser to submit special code together with SQL query, modification, and deletion statements so that the server performs actions the system administrator has prohibited. This can let an attacker take over the website, obtain management permissions, obtain sensitive data in the database, or delete or modify data.
For example, entering <>, <!, !>, =, !=, update, delete, select, count, sum, max, min, or from in a text box.
Preventing injection: replace these dynamic SQL injection strings in the input.
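An added example, not from the original page, that applies the replacement approach described above to the page's token list and compares it with a parameterized query, a technique the page does not mention. The function names, the `users` table, the sample rows and the use of SQLite are assumptions made for illustration.

```python
import re
import sqlite3

# Tokens from the page's SQL injection list; the filter function is hypothetical.
BLOCKED = ["<>", "<!", "!>", "!=", "=", "update", "delete", "select",
           "count", "sum", "max", "min", "from"]
_PATTERN = re.compile("|".join(re.escape(t) for t in BLOCKED), re.IGNORECASE)

def replace_filter(value):
    """Replace every listed token with the empty string (single pass)."""
    return _PATTERN.sub("", value)

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("Maxine Summers", "maxine@example.test"),
                    ("O'Brien", "obrien@example.test")])
    return db

def lookup_filtered(db, name):
    """Filter the input, then build the statement by string concatenation."""
    sql = "SELECT email FROM users WHERE name = '" + replace_filter(name) + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    """Bind the input as a parameter; it is never parsed as SQL text."""
    cur = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]

def demo():
    """Run both lookups on two legitimate names and collect the outcomes."""
    db = make_db()
    results = {}
    for name in ("Maxine Summers", "O'Brien"):
        try:
            filtered = lookup_filtered(db, name)
        except sqlite3.OperationalError as exc:
            filtered = "SQL error: " + str(exc)
        results[name] = (filtered, lookup_parameterized(db, name))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The filtered lookup misses the first user because `max` and `sum` are stripped from the name, and it fails with a syntax error on the apostrophe, which shows the input is still parsed as SQL; the bound parameter returns both rows unchanged.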
2. What about JavaScript attacks?
In a JavaScript attack, scripts are entered as input to dynamically intercept sensitive data or to modify or delete information on the web page.
For example, script | and | exec | insert | select | delete | update | count | * | % | chr | mid | master | truncate | char are all script attack statements.
Prevention: replace the attack statement with the empty string "".
3. What is a cross-site attack?
Cross-site scripting (also known as XSS) is an attack in which attackers use website vulnerabilities to steal information from users. When users browse websites, use instant messaging software, or even read emails, they usually click links. Attackers can steal user information by inserting malicious code into a link. Attackers usually encode the link in hexadecimal (or another encoding method) so that users do not doubt its legitimacy. After a website receives a request containing malicious code, it generates a page containing that code, which looks like a legitimate page that the website should generate. Many popular guestbook and forum programs allow users to post HTML and JavaScript. Assume that user A has published a post containing malicious scripts. When user B browses this post, the malicious script is executed and steals user B's session information. Details about attack methods are described below.