By loading the attack code in the HTTP request message, you can initiate an attack on the Web application. Through the URL query field or form, HTTP header, cookies and other channels of attack code, if there is a security vulnerability in Web applications, the internal information will be stolen!
There are two types of attack patterns on the Web:
- Active attack (active attack server)
- Passive attack (upload Trojan, trigger HTTP trap when user accesses)
the security policy implemented is divided into two main steps:
- Client Authentication
- Server-side validation (input value validation, output value escaping)
two main ways to attack1.SQL Injection attacks (the PHP prevention method is to use mysqli_real_escape_string or addslashes to escape the input data) 2.XSS Attack (execute JS code to obtain the user's cookie and other information, to verify. Use strip_tags and htmlspecialchars or htmlentities )
SQL attack hack
<?php
$clean = Array ();
$mysql = Array ();
$clean [' last_name '] = "O ' Reilly";
$mysql [' last_name '] = mysql_real_escape_string ($clean [' last_name ']);
$sql = "INSERT
into User (last_name)
VALUES (' {$mysql [' last_name ']} ');
?>
Mysqli_real_escape_string
(PHP 5)
mysqli::real_escape_string -- mysqli_real_escape_string - Escapes special characters in a string For use in a SQL statement, taking into account the current charset of the connection
try to use the escape function designed for your database. If not, using the function addslashes () is the final good method.
string addslashes ( string
$str )
Returns a string that is preceded by a backslash in order for the database query statement to be preceded by some characters. These characters are single quotation marks ('), double quotation marks ("), backslashes (\), and NULL NUL (characters).
htmlspecialchars only converts the following special characters to entities, Htmlentities is to convert all the HTML tags that have entities into the corresponding entities
- & ' (ampersand) becomes ' & '
- Ent_noquotes is not set.
ent_quotes is set. - < "(less than) becomes ' < '
- > "(greater than) becomes ' > '
Prevent XSS attacks
//This is a PHP code with XSS attack xss.php<?phpif (isset ($_post[' name ')) {//$str = Trim ($_post[' name '); Clean up spaces//$str = Strip_tags ($STR); Remove HTML Tags//$str = Htmlspecialchars ($STR); Convert string contents to HTML entities//$str = Addslashes ($STR);//Echo $str;echo $_post[' name '];}Setcookie ("AAA", ' BBB ');?><form method= "POST" action= "" ><input name= "name" type= "text" width= "> "<input type= "Submit" value= "Submission" ></form>
when I visit the page and enter <script>alert (document.cookie) in the input box; </script>, the following is the original page
after clicking Submit
Click the OK button
Note that the JS code that we have submitted is already inside the head.
If we cancel the Red comment section in the code, execute the
Web attack mode and defense methods
