Home > Backend Development > PHP Tutorial > PHP general anti-injection and injection detailed instructions_PHP tutorial

PHP general anti-injection and injection detailed instructions_PHP tutorial

WBOY
Release: 2016-07-13 17:09:29
Original
963 people have browsed it

php universal anti-injection mainly filters some sql commands and references passed by php post get. We need to filter some illegal characters, which can prevent basic injection. The installation and setting method of apache server is also necessary. The administrator username and password are md5 encrypted, which can effectively prevent PHP injection.

php tutorial general anti-injectionIt is mainly to filter some sql commands and references passed by php post get. We need to filter some illegal characters, so as to prevent basic injection, which is related to the apache server. Installation and setup methods are also required. The administrator username and password are md5 encrypted, which can effectively prevent PHP injection.
There are also server and mysql tutorials that need to strengthen some security precautions.
For security settings of linux server:
To encrypt the password, use the "/usr/sbin/authconfig" tool to turn on the password shadow function and encrypt the password.
To prohibit access to important files, enter the Linux command interface and enter:
at the prompt. #chmod 600 /etc/inetd.conf //Change file attributes to 600
#chattr +i /etc/inetd.conf // Ensure that the file owner is root
#chattr –i /etc/inetd.conf // Limit changes to this file
It is forbidden for any user to change to the root user through the su command
Add the following two lines at the beginning of the su configuration file, that is, the /etc/pam.d/ directory:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_whell.so group=wheel
Delete all special accounts
#userdel lp etc. Delete user
#groupdel lpetc. Delete group
Ban unused suid/sgid programs
#find / -type f (-perm -04000 - o –perm -02000 ) -execls –lg {} ;

$arrfiltrate=array("'",";","union","select","insert","update","delete","load_file","outfile");

//The url to be redirected after an error occurs

$strgourl="";

function funstringexist($strfiltrate,$arrfiltrate)
{
foreach ($arrfiltrate as $key=>$value)
{
If (eregi($value,$strfiltrate))
{
       return true;
}
}
return false;
}

//Merge $_post, $_get and $_cookie

if(function_exists(array_merge))
{
$arrpostgetcookiesession=array_merge($http_post_vars,$http_get_vars,$http_cookie_vars);
$string = implode("",$arrpostgetcookiesession);
}

//Verification

if(funstringexist($string,$arrfiltrate))
{
echo "";
}
else
{
echo "";
}

The second anti-injection example

php universal anti-injection security code
Description:
Determine whether the passed variable contains illegal characters
Such as $_post, $_get
Function:
Anti-injection
******************************/
//Illegal characters to filter
$arrfiltrate=array("'",";","union");
//The URL to jump to after an error occurs. If not filled in, the previous page will be defaulted
$strgourl="";
//Whether there is a value in the array
function funstringexist($strfiltrate,$arrfiltrate){
foreach ($arrfiltrate as $key=>$value){
if (eregi($value,$strfiltrate)){
return true;
}
}
return false;
}
//Merge $_post and $_get
if(function_exists(array_merge)){
$arrpostandget=array_merge($http_post_vars,$http_get_vars);
}else{
foreach($http_post_vars as $key=>$value){
$arrpostandget[]=$value;
}
foreach($http_get_vars as $key=>$value){
$arrpostandget[]=$value;
}
}
//Verification starts
foreach($arrpostandget as $key=>$value){
if (funstringexist($value,$arrfiltrate)){
echo "alert(/"neeao prompt, illegal character/");";
if (empty($strgourl)){
echo "history.go(-1);";
}else{
echo "window.location=/"".$strgourl."/";";
}
exit;
}
}


Take a look at the injection details

After converted to ascii it is char(97,108,112,104,97)
Converted to hexadecimal is 0x616c706861
(We will provide hexadecimal and ascii conversion tools on the CD)
Okay, just type it in the browser:

http://localhost/site/admin/login.php?
username=char(97,108,112,104,97)%23


The sql statement becomes:

select * from alphaaut

hor where username=char(97,108,112,104,97)# and password=


As shown in Figure 21


As we expected, he executed smoothly and we got what we wanted.
Of course, we can also construct it like this

http://www.bKjia.c0m/site/admin/login.php?username=0x616c706861%23


The sql statement becomes:

select * from alphaauthor where username
=0x616c706861%23# and password=


Once again we are winners. It feels like a great achievement,

Maybe you will ask us if we can also put # in char()
In fact char(97,108,112,104,97) is equivalent to alpha
Note that alpha is enclosed in quotes, indicating the alpha string.
We know that in mysql if we execute

mysql> select * from dl_users where username=alpha;
error 1054 (42s22): unknown column alpha in where clause


See the error returned. Because he will think that alpha is a variable. So we have to put quotes around alpha.
As follows

mysql> select * from dl_users where username= alpha ;

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629739.htmlTechArticlephp universal anti-injection mainly filters some sql commands and references passed by php post get. We/want to filter some illegal Characters, this can prevent basic injection, which depends on the apache server...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template