php - Specific example analysis of sql injection and xss
高洛峰 2017-06-13 09:22:07

My website was attacked a month ago, and today I received a vulnerability detection report from 360. Oh my God, 360 still does this kind of thing?

  • sql injection
    Vulnerability link 1:
    http: //xxx.com:80/index.php?alias=message&action=comment?comment-diary-id=1&comment-ip=182.118.33.8&comment-author=88888&comment-email=hacker@hacker.org&comment-url=http: //www.hacker.org/&comment-text=88888&comment-submit=SEND&comment-parent=0 RLIKE (SELECT (CASE WHEN (4725=4725) THEN 0 ELSE 0x28 END))
    Vulnerability link 2:
    http: //xxx.com:80/index.php?alias=message' AND SLEEP(5)
    Vulnerability link 3:
    http: //xxx.com:80/index.php?cat=note' AND 'dSob'='dSob

  • xss
    Vulnerability link:
    http: //xxx.com:80/admin/login.php?req_url=/admin/index.php"><script>alert(42873)</script>

Why can it still be injected when I use addslashes before writing to the database? Do link 1 and link 2 need to be combined for the injection to work?
As for the second vulnerability, I don't know how to defend against it.
I haven't researched site security in depth. I would like to ask you to analyze how this is achieved and how to fix the loopholes. Thank you.
If you need the code that writes to the database, I will post it.

PS: links I write are automatically shortened by sf, so a space is added after http:.


After debugging, it can indeed be injected... I still don't know enough about SQL.

The final statement written to the database is:

insert into comment values(NULL,1,1497261734,'88888',0,'hacker@hacker.org','http://www.hacker.org/','182.118.33.8','88888',0 RLIKE (SELECT (CASE WHEN (4725=4725) THEN 0 ELSE 0x28 END)) AND SLEEP(5)%20%23);

I would like to ask what the last part means:

0 RLIKE (SELECT (CASE WHEN (4725=4725) THEN 0 ELSE 0x28 END)) AND SLEEP(5)%20%23

All replies (3)
Ty80

XSS embeds HTML script code; the parameters should be converted into HTML entities with the function htmlspecialchars.

Link 1 executes MySQL by injecting MySQL keywords, so you should filter those keywords.

Of course, the best way to prevent injection is to use prepared statements!!!!

洪涛
  1. It is best to use parameterized queries instead of concatenating SQL statements.

  2. For XSS, filter the parameters to strip out script code such as <script>.
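An added example (not the asker's code or the site's) of why addslashes did not stop link 1 and what the parameterized query recommended above looks like, plus attribute encoding for the req_url XSS. It uses an in-memory SQLite table with assumed column names so it runs offline; the asker's real table is MySQL.

```php
<?php
// Added example: in-memory SQLite stands in for the asker's MySQL table.
// Column names (diary_id, author, parent) are assumed, not taken from the site.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, diary_id INTEGER, author TEXT, parent INTEGER)');

// Constructed input modelled on link 1: the payload sits in the numeric
// comment-parent field, so it contains no quote character for addslashes to escape.
$input = ['diary_id' => '1', 'author' => '88888', 'parent' => '0 OR 1=1'];

function insertVulnerable(PDO $db, array $in): void {
    // addslashes only escapes ' " \ and NUL. The numeric fields are
    // interpolated bare (no quotes around them), so the expression in
    // $in['parent'] becomes part of the SQL and is evaluated by the server.
    $author = addslashes($in['author']);
    $db->exec("INSERT INTO comment (diary_id, author, parent)
               VALUES ({$in['diary_id']}, '$author', {$in['parent']})");
}

function insertSafe(PDO $db, array $in): bool {
    // Validate numeric fields, then bind every value as a parameter:
    // the SQL text is fixed before any user data reaches the database.
    $diary  = filter_var($in['diary_id'], FILTER_VALIDATE_INT);
    $parent = filter_var($in['parent'], FILTER_VALIDATE_INT);
    if ($diary === false || $parent === false) {
        return false; // "0 OR 1=1" is not an integer: reject it outright
    }
    $st = $db->prepare('INSERT INTO comment (diary_id, author, parent) VALUES (:d, :a, :p)');
    $st->bindValue(':d', $diary, PDO::PARAM_INT);
    $st->bindValue(':a', $in['author'], PDO::PARAM_STR);
    $st->bindValue(':p', $parent, PDO::PARAM_INT);
    return $st->execute();
}

// XSS side: req_url is echoed inside an HTML attribute, so encode for that
// context. ENT_QUOTES also covers the double quote that closes the attribute.
function safeAttr(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

insertVulnerable($db, $input);
$stored = $db->query('SELECT parent FROM comment')->fetchColumn();
echo "vulnerable insert stored parent = $stored\n";
echo 'safe insert accepted: ' . var_export(insertSafe($db, $input), true) . "\n";
echo '<input name="req_url" value="' . safeAttr('/admin/index.php"><script>alert(42873)</script>') . "\">\n";
```

The vulnerable insert stores the result of the attacker's expression rather than the literal 0, which is exactly what happened with the RLIKE/SLEEP payload in link 1; the safe version refuses the input before any SQL is built, and the encoded req_url can no longer break out of the attribute.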

我想大声告诉你

Your code is not filtered at all
