php universal anti-injection mainly filters some sql commands and references passed by php post get. We need to filter some illegal characters, which can prevent basic injection. The installation and setting method of apache server is also necessary. The administrator username and password are md5 encrypted, which can effectively prevent PHP injection.
php tutorial general anti-injectionIt is mainly to filter some sql commands and references passed by php post get. We need to filter some illegal characters, so as to prevent basic injection, which is related to the apache server. Installation and setup methods are also required. The administrator username and password are md5 encrypted, which can effectively prevent PHP injection.
There are also server and mysql tutorials that need to strengthen some security precautions.
For security settings of linux server:
To encrypt the password, use the "/usr/sbin/authconfig" tool to turn on the password shadow function and encrypt the password.
To prohibit access to important files, enter the Linux command interface and enter:
at the prompt.
#chmod 600 /etc/inetd.conf //Change file attributes to 600
#chattr +i /etc/inetd.conf // Ensure that the file owner is root
#chattr –i /etc/inetd.conf // Limit changes to this file
It is forbidden for any user to change to the root user through the su command
Add the following two lines at the beginning of the su configuration file, that is, the /etc/pam.d/ directory:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_whell.so group=wheel
Delete all special accounts
#userdel lp etc. Delete user
#groupdel lpetc. Delete group
Ban unused suid/sgid programs
#find / -type f (-perm -04000 - o –perm -02000 ) -execls –lg {} ;
$arrfiltrate=array("'",";","union","select","insert","update","delete","load_file","outfile");
//The url to be redirected after an error occurs
$strgourl="";
function funstringexist($strfiltrate,$arrfiltrate)
{
foreach ($arrfiltrate as $key=>$value)
{
If (eregi($value,$strfiltrate))
{
return true;
}
}
return false;
}
//Merge $_post, $_get and $_cookie
if(function_exists(array_merge))
{
$arrpostgetcookiesession=array_merge($http_post_vars,$http_get_vars,$http_cookie_vars);
$string = implode("",$arrpostgetcookiesession);
}
//Verification
if(funstringexist($string,$arrfiltrate))
{
echo "";
}
else
{
echo "";
}
The second anti-injection example
php universal anti-injection security code
Description:
Determine whether the passed variable contains illegal characters
Such as $_post, $_get
Function:
Anti-injection
******************************/
//Illegal characters to filter
$arrfiltrate=array("'",";","union");
//The URL to jump to after an error occurs. If not filled in, the previous page will be defaulted
$strgourl="";
//Whether there is a value in the array
function funstringexist($strfiltrate,$arrfiltrate){
foreach ($arrfiltrate as $key=>$value){
if (eregi($value,$strfiltrate)){
return true;
}
}
return false;
}
//Merge $_post and $_get
if(function_exists(array_merge)){
$arrpostandget=array_merge($http_post_vars,$http_get_vars);
}else{
foreach($http_post_vars as $key=>$value){
$arrpostandget[]=$value;
}
foreach($http_get_vars as $key=>$value){
$arrpostandget[]=$value;
}
}
//Verification starts
foreach($arrpostandget as $key=>$value){
if (funstringexist($value,$arrfiltrate)){
echo "alert(/"neeao prompt, illegal character/");";
if (empty($strgourl)){
echo "history.go(-1);";
}else{
echo "window.location=/"".$strgourl."/";";
}
exit;
}
}
Take a look at the injection details
After converted to ascii it is char(97,108,112,104,97)
Converted to hexadecimal is 0x616c706861
(We will provide hexadecimal and ascii conversion tools on the CD)
Okay, just type it in the browser:
http://localhost/site/admin/login.php?
username=char(97,108,112,104,97)%23
The sql statement becomes:
select * from alphaaut
hor where username=char(97,108,112,104,97)# and password=
As shown in Figure 21
As we expected, he executed smoothly and we got what we wanted.
Of course, we can also construct it like this
http://www.bKjia.c0m/site/admin/login.php?username=0x616c706861%23
The sql statement becomes:
select * from alphaauthor where username
=0x616c706861%23# and password=
Once again we are winners. It feels like a great achievement,
Maybe you will ask us if we can also put # in char()
In fact char(97,108,112,104,97) is equivalent to alpha
Note that alpha is enclosed in quotes, indicating the alpha string.
We know that in mysql if we execute
mysql> select * from dl_users where username=alpha;
error 1054 (42s22): unknown column alpha in where clause
See the error returned. Because he will think that alpha is a variable. So we have to put quotes around alpha.
As follows
mysql> select * from dl_users where username= alpha ;