For example, SQL injection attacks, XSS attacks, arbitrary code execution, file inclusion, and CSRF.
There are many articles about SQL attacks and various injection scripts, but none of them can solve the fundamental problem of SQL injection.
See the code:
<?php
mysql_connect("localhost", "root", "123456") or die("database connection failed!");
mysql_select_db("test1");
// Form input is used as-is, with no filtering or escaping
$user = $_POST['uid'];
$pwd = $_POST['pass'];
// Vulnerable: the input is concatenated directly into the SQL string
$result = mysql_query("SELECT * FROM admin WHERE username = '$user' or password = '$pwd'");
if ($result && mysql_num_rows($result) > 0) {
    echo "the user has successfully logged on ..";
} else {
    echo "User Name or Password error";
}
?>
This simple piece of code checks whether the user name or password is correct. However, a malicious user can submit specially crafted input, and the consequences can be imagined. There are two methods to test for POST injection.
1. Enter "or '1'=1" or "and 1=1" in the form text box.
The statement sent to the database then becomes:
SELECT * FROM admin WHERE username = ''or '1'=1' or password = 'xxx'
The statement may execute without error, because or is a logical operator in SQL statements; an error message may also be displayed.
At that point, once the injected SQL statement executes, all information in the current table can be queried, for example the correct administrator account and password, which can then be used to log in.
Solution 1:
Use JavaScript to filter out special characters (not recommended; it treats the symptom, not the root cause).
If JavaScript is disabled, attackers can still launch SQL injection attacks.
Solution 2:
Use the built-in functions of MySQL for filtering.
See the code:
<?php
// Database connection and related setup omitted ..
// Escape special characters in the input before it is placed inside the quoted SQL string
$user = mysql_real_escape_string($_POST['user']);
mysql_query("SELECT * FROM admin WHERE username = '$user'");
?>
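As an added example (not code from the original article), the same login check can be written with a parameterized query, which keeps user input out of the SQL text altogether instead of escaping it. It assumes PDO with an in-memory SQLite database in place of the article's MySQL server, a hashed password column, and a hypothetical check_login() helper; the sample row and inputs are constructed.

```php
<?php
// Added example (not from the original article): the login check from above,
// rewritten with PDO parameter binding. An in-memory SQLite database stands in
// for the article's MySQL server so the script runs offline (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: one administrator row with a hashed password
// (storing a hash instead of the plain password is an assumption of this example).
$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password TEXT)');
$ins = $pdo->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns true only when the user exists AND the
 * password matches. The SQL text is fixed; user input travels separately as
 * a bound value, so quotes or keywords in it cannot change the query structure.
 */
function check_login(PDO $pdo, string $user, string $pwd): bool
{
    $stmt = $pdo->prepare('SELECT password FROM admin WHERE username = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();           // false when no row matches
    return $hash !== false && password_verify($pwd, $hash);
}

// Constructed inputs, including the strings the article types into the form.
$cases = [
    ['admin', 's3cret-sample'],   // valid credentials
    ['admin', 'wrong'],           // wrong password
    ["'or '1'=1", 'xxx'],         // the article's test string in the user field
    ['admin', 'and 1=1'],         // the article's second test string as password
];
foreach ($cases as [$u, $p]) {
    $verdict = check_login($pdo, $u, $p) ? 'accepted' : 'rejected';
    printf("%-14s %-14s => %s\n", $u, $p, $verdict);
}
```

The query requires both the user name and the password to match, unlike the `or` condition in the vulnerable version.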
Since we have mentioned XSS attacks, let's talk about XSS attacks and their prevention.
Submit form:
<form method="post" action="">
<input type="text" name="test">
<input type="submit" name="sub" value="submit">
</form>
Received file:
<?php
// Vulnerable: the submitted value is echoed back without any escaping
if (!empty($_POST['sub'])) {
    echo $_POST['test'];
}
?>
A very simple piece of code; here we just simulate the usage scenario.
Suppose the attacker submits:
<script>alert(document.cookie);</script>
The returned page displays the cookie information on the current page.
The same thing can happen on message boards that do not filter input in advance: when the administrator reviews and modifies the submitted information, the cookie information is stolen and sent to the attacker's space or mailbox. The attacker can then use a cookie modifier to log in with it.
Of course, there are also many solutions. The following describes the most common method.
Solution 1: escape using JavaScript
Solution 2: escape using PHP built-in functions
The code is as follows:
if (!empty($_POST['sub'])) {
    $str = $_POST['test'];
    // Convert special characters to HTML entities so the input is shown as text, not run as markup
    $str = htmlentities($str, ENT_QUOTES, 'UTF-8');
    echo $str;
}
Well, that is about it for the SQL injection and XSS attack cases and their fixes.
Of course, there are other solutions:
Example: use a PHP framework.
There are other methods as well. XSS has a wide range of applications and attack methods; this article only covers filtering input submitted to PHP. You need to study the other methods yourself.
This article is published here: Aey uhost team (team.hake.cc). For more information, see copyright.
Y0umer