Introduction to sql injection and XSS attacks in php-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Introduction to sql injection and XSS attacks in php

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 25, 2016 am 09:05 AM

mysql_connect("localhost","root","123456")or die("Database connection failed!");
mysql_select_db("test1");
$user=$_post[ 'uid'];
$pwd=$_POST['pass'];
if(mysql_query("SELECT * from where
admin
= `username`='$user' or `password`='$pwd'") {
echo "The user logged in successfully..";
} eles {
echo "The username or password is incorrect";
}
?>

Copy code

The above code is used to detect whether the username or password is correct Correct, but if you submit some sensitive code to some malicious attackers, the consequences can be imagined

There are two ways to judge injection. 1. Enter "or‘1'=1" or "and 1=1" in the text box of the form. The statement to query the database should be: SELECT admin from where login = `user`=''or'1'=1' or `pass`='xxxx' Of course, there will be no errors, because or represents and or means in the sql statement. Of course, errors will also be prompted. At that time, we had discovered that we could query all the information of the current table after executing the SQL statement. For example: correct administrator account and password for login intrusion. .

Fix method 1: Use javascript scripts to filter special characters (not recommended, indicators do not cure the root cause) If the attacker disables javascript, he can still conduct SQL injection attacks. .

Repair method 2: Use mysql's built-in function to filter.

// Omit operations such as connecting to the database
$user=mysql_real_escape_string($_POST['user']);
mysql_query("select * from admin whrer `username`='$user' ");
?>

Copy code

2, XSS attacks and prevention. submit Form:

Copy code

Receive files:

if(empty($_POST['sub'])){
echo $_POST['test'];
}

Copy the code

The code is very simple, just simulated use Scenes.

3. Add attacker submission The cookie information of the current page should be displayed on the returned page. We can apply it to some message boards (which are not filtered in advance), and then steal the COOKIE information when the administrator reviews the modified information and send it to the attacker's space or mailbox. Attackers can use cookie modifiers to perform login intrusions.

The following introduces one of the most commonly used solutions. Fix 1: Use javascript to escape Fix 2: Use PHP built-in functions to escape

if(empty($_POST['sub'])){
$str=$_POST['test'];
htmlentities($srt);
echo $srt;
}

Copy code

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn