How to conduct web penetration skills analysis

Currently, with the continuous development of information networks, people's awareness of information security is increasing day by day, and the security protection measures of information systems are also gradually improving. Firewalls are usually deployed at the Internet boundary of the server to isolate internal and external networks, only external needs are The server port is exposed. Adopting this measure can greatly improve the security level of the information system. For external attackers, it is like closing all irrelevant channels, leaving only a necessary entrance.

But in this state, there is still a type of security problem that cannot be avoided, and that is web vulnerability. The reason is that the user's input characters are not strictly filtered when the program is written, allowing hackers to carefully construct a malicious string to achieve their own goals.

So, how can we find out whether there are such security issues? Below we will list a few relatively simple penetration techniques.

XSS Vulnerability

Try to find all the places that are user-controllable and can be output in the page code, such as the following: each parameter of the URL, the URL itself, Common scenarios for forms and search boxes (including comment areas, message areas, personal information, order information, search boxes, current directories, image attributes, etc.), then enter the code <script>alert(hello)</script> . If it is as shown in the picture below, then please be aware that your system is likely to be subject to a cross-site scripting attack.

Cross-site scripting attack XSS malicious attackers will insert malicious Script code into the Web page. When the user browses the page, the Script code embedded in the Web will be executed to achieve the purpose of maliciously attacking users.

XSS attacks are aimed at user-level attacks! Stored XSS, persistence, code is stored in the server, such as inserting code in personal information or published articles, etc. If there is no filtering or the filtering is not strict, then these codes will be stored in the server, and when the user accesses the page Trigger code execution. This kind of XSS is more dangerous and can easily cause worms, cookie theft, etc.

SQL injection

[SQL statement targeted: $sql="select*from admin where id=".$id;]

Normal Visit: www.linuxtest.com/test2.php?id=1

Find the injection point:

1. Abnormal access to www.linuxtest/test2.php?id=1', the result Returning to an abnormal page indicates that there may be an injection node. Continue with the verification below.

2. Continue to access www.linuxtest/test2.php?id=1 and 1=1 abnormally, and the result is returned to the normal page.

3. Continue to access www.linuxtest/test2.php?id=1 and 1=2 abnormally. The result is an abnormal page returned with an injection node. You can add attack SQL statements directly after id=1.

[Other SQL1 statements: $sql="select*from admin where id=$id";]

Same as above

[Other SQL2 statements: $sql= "select*from admin where id='{$id}'";】

There is an injection point at this time, but we must eliminate the single quotes to insert the corresponding attack SQL. The methods are:

Add (and '=) to eliminate; for example: test2.php?id=1' union select 1,2,3 and '=; the resulting SQL is: select*from admin where id='1' union select 1 ,2,3 and '='

Increase (and "='), (union select 1,2,'3), etc.

Due to different system environments, attackers may cause The damage is different, which is mainly determined by the security permissions of the application to access the database. If the user's account has administrator or other higher-level permissions, the attacker may perform various operations he wants to do on the database tables, including adding , delete or update data, or even delete the table directly.

The above is a direct manual operation, and the following will lead you to witness the penetration of the burp_suite tool.

When you need to initiate a request, the system will be intercepted It is in the startup state as shown below (taking a certain website as an example):

When you enter the page you want to modify and tamper with the parameters Click Close. If successful, the page will return the parameters you modified. This is the interception tampering vulnerability.

Result:

In most cases, burpsuite completes vulnerability attacks by tampering with parameters. You can see that the web page is directly tampered with. This situation not only reduces the customer experience, but also faces operational risks. , or even legal risks, resulting in a series of risks such as public relations crises.

The above is the detailed content of How to conduct web penetration skills analysis. For more information, please follow other related articles on the PHP Chinese website!