Node.js project to address SQL injection and XSS attacks

1. SQL injection

SQL injection usually works by inserting SQL commands into a web form submission, a domain name, or a page request's query string, so that the server is tricked into executing malicious SQL commands.

SQL injection example

On a login screen, the back end takes the username and password submitted by the user and verifies the user's identity against the MySQL database.

Suppose the user enters the username [cedric] and the password [123456]. The back end splices together the following SQL statement; if the username and password match, authentication succeeds and the user is logged in.

-- username is cedric, password is 123456
select username from users where username='cedric' and password='123456';

However, if a malicious user enters the username [cedric' -- ] (note the trailing space) and an arbitrary wrong password [111], the back end splices together the following SQL statement, and the login succeeds:

-- everything after the '--' is treated as a comment
select username from users where username='cedric' -- ' and password='111';

Alternatively, if a malicious user enters the username [cedric'; delete from users; -- ] and an arbitrary wrong password [111], the back end splices together the following SQL statement, and the result is that every user in the database is deleted:

-- everything after the '--' is treated as a comment
select username from users where username='cedric';delete from users; -- ' and password='111';

SQL injection prevention

In a Node environment, the mysql module's escape function can be used to process the input; it escapes the special characters in a parameter.

Wherever a value is spliced into an SQL statement, it can be handled with the escape function, for example:

const mysql = require('mysql')  // mysql.escape() quotes the value and escapes special characters

const login = (username, password) => {

    // prevent SQL injection
    username = mysql.escape(username)
    password = mysql.escape(password)

    const sql = `
        select username from users where username=${username} and password=${password};
    `

    // then run the SQL query with the statement above
    ···
}
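The following is an added example, not code from the original post: it builds the login statement from the post both by splicing the raw input and by escaping it first, and runs the post's two payloads through both. The function escapeSqlString is an assumed, simplified re-implementation of the quoting and escaping that mysql.escape() performs, so the example runs without a database or the mysql module; buildLoginQueryUnsafe and buildLoginQuerySafe are also assumed names.

```javascript
// Added example (not from the original post): the login query from the post,
// built with raw input versus escaped input.

// Simplified re-implementation of mysql.escape(): backslash-escapes the
// characters MySQL treats specially and returns the value wrapped in quotes.
function escapeSqlString(value) {
  const replacements = {
    '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
    '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\',
  };
  const escaped = String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, (ch) => replacements[ch]);
  return `'${escaped}'`;  // returned already wrapped in single quotes
}

// Vulnerable: user input is spliced straight into the statement.
function buildLoginQueryUnsafe(username, password) {
  return `select username from users where username='${username}' and password='${password}';`;
}

// Hardened: every value is escaped (and quoted) before splicing, so a quote
// in the input cannot close the string literal.
function buildLoginQuerySafe(username, password) {
  return `select username from users where username=${escapeSqlString(username)} and password=${escapeSqlString(password)};`;
}

// Constructed inputs: a normal login plus the two payloads from the post.
const samples = [
  ['cedric', '123456'],
  ["cedric' -- ", '111'],
  ["cedric'; delete from users; -- ", '111'],
];

for (const [u, p] of samples) {
  console.log('unsafe:', buildLoginQueryUnsafe(u, p));
  console.log('safe:  ', buildLoginQuerySafe(u, p));
}
```

With the real mysql module the same protection comes from mysql.escape(value), or better from placeholders, connection.query('select username from users where username=? and password=?', [username, password], callback), which escapes each bound value for you and leaves no raw string splicing in the code at all.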

2. XSS attack

XSS is a security vulnerability in web applications that allows a malicious user to implant code (HTML and client-side script) into pages that are served to other users.

XSS attacks example

XSS attacks are mainly launched through form input/textarea text boxes, for example by entering the following into a text box:

<script> alert(1) </script>

If the front end submits this to the back end (such as Node) without filtering, and the server stores it in the database without filtering either, then the next time this user (or another user) opens the page, alert(1) is executed and a dialog pops up.

Stealing the page's cookie values

Or, entering the following in the text box:

<script> alert(document.cookie) </script>

exposes the user's cookie.

Redirecting to a malicious site (traffic hijacking)

Entering the following in the text box:

<script>window.location.href="www.abc.com";</script>

causes every visit to the page to automatically redirect to www.abc.com.

XSS Attack Prevention

HTML-entity encode the data entered by the user, i.e. convert the < and > of tags such as <script> and <a>, and then store the result in the database.

In a Node environment, install the xss package:

$ npm install xss

Then modify the code that handles the input:

const xss = require('xss')

const inputValue = content  // before: no XSS defence applied
const inputValue = xss(content)  // after: XSS defence applied

If the malicious input <script> alert(1) </script> is now entered in the input box, it is converted to the following and stored in the database:

&lt;script&gt; alert(1) &lt;/script&gt;

This achieves the goal: the <script> can no longer execute.
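The following is an added example, not code from the original post and not the xss package's own code: a minimal HTML-entity encoder of the kind the post describes, applied to the three payloads from the post before they are "stored" and later rendered. encodeHtmlEntities, storeComment and renderComments are assumed names; the in-memory array stands in for the database.

```javascript
// Added example (not from the original post): HTML-entity encoding of user
// input before storage, demonstrated on the payloads from the post.

// The five characters that matter when text is placed into HTML body or
// attribute context. A single-pass replace handles them all at once, so the
// '&' of an entity produced here is never re-encoded.
const ENTITY_MAP = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function encodeHtmlEntities(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Server-side step: encode the submitted content, then "store" it
// (the array is a stand-in for the database).
function storeComment(store, content) {
  const safe = encodeHtmlEntities(content);
  store.push(safe);
  return safe;
}

// Later rendering just concatenates stored values into the page; because
// the stored values are already encoded, no tag survives as markup.
function renderComments(store) {
  return store.map((c) => `<p>${c}</p>`).join('\n');
}

// Constructed inputs: the three payloads from the post plus ordinary text.
const payloads = [
  '<script> alert(1) </script>',
  '<script> alert(document.cookie) </script>',
  '<script>window.location.href="www.abc.com";</script>',
  'hello & welcome',
];
const db = [];
for (const p of payloads) storeComment(db, p);
console.log(renderComments(db));
```

Encoding at storage time, as the post does, protects this page's rendering; many teams instead (or additionally) encode at output time, so that the same stored value can be emitted safely into HTML, attributes or JSON with context-appropriate encoding.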


Source: https://www.cnblogs.com/cckui/p/10990006.html