PHP: Common Web Attacks

First, SQL injection attacks (SQL Injection)

An attacker inserts SQL fragments into a web form field or into the page request string, tricking the server into executing SQL commands of the attacker's choosing. Forms whose user input is used directly to build (or influence) a dynamic SQL command, or is passed straight into a stored procedure as a parameter, are particularly susceptible to SQL injection. A common SQL injection attack proceeds as follows:
1. A web application has a login page that controls whether a user may access the application; it requires the user to enter a name and a password;
2. The content entered on the login page is used directly to construct a dynamic SQL command, or is passed directly as a stored procedure parameter, for example:

$query = "SELECT * FROM Users WHERE login = '$username' AND password = '$password'";

3. The attacker enters ' or '1'='1 in both the user name and password boxes;
4. After the user input is submitted to the server, the code above builds the user's SQL query from it. Because the attacker's input is special, the resulting SQL command becomes:

SELECT * FROM Users WHERE login = '' or '1'='1' AND password = '' or '1'='1';

5. The server runs the query or stored procedure and compares the identity information it holds with the identity information the user entered;
6. Because the SQL command has in fact been modified by the injection, no user was actually authenticated, so the system wrongly grants the attacker access.
If the attacker knows that the content of an application form is used directly for identity verification, he will try to enter specially crafted SQL query strings that tamper with the statement's original function and trick the system into granting access.
The damage an attacker can cause differs between system environments and is determined mainly by the permissions the application uses to access the database. If that account has Administrator or other elevated privileges, the attacker can perform whatever operations he likes on the database tables, including adding, deleting or updating data, and may even drop tables.
Prevention methods:
1. Check the data type and format of each variable
2. Filter special characters
3. Bind variables, i.e. use prepared statements
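The login query from this section, first in the vulnerable string-concatenation form and then rewritten with a PDO prepared statement (prevention method 3). This is an added example, not code from the original post; it assumes PHP with the pdo_sqlite driver, and the in-memory database, the sample row and the function names loginVulnerable()/loginSafe() are constructed for the demonstration. The table and column names (Users, login, password) are the ones the section uses.

```php
<?php
// Added example (not from the original post). Assumes PHP with pdo_sqlite.
// Table/column names come from the section; the database contents are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Users (login TEXT, password TEXT)");
// Plain-text password only to match the section's query; real applications store
// a password_hash() and compare with password_verify().
$pdo->exec("INSERT INTO Users VALUES ('alice', 'correct-horse')");

// Vulnerable: the input is spliced into the SQL text, so quotes in the input
// become part of the query structure (step 4 of the section).
function loginVulnerable(PDO $pdo, string $username, string $password): bool
{
    $query = "SELECT * FROM Users WHERE login = '$username' AND password = '$password'";
    return $pdo->query($query)->fetch() !== false;
}

// Hardened: the SQL text is fixed and compiled first; the values are bound
// afterwards, so a quote in the input can only ever be data, never syntax.
function loginSafe(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        "SELECT * FROM Users WHERE login = :login AND password = :password"
    );
    $stmt->execute([':login' => $username, ':password' => $password]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: the string from step 3, and a genuine credential pair.
$injected = "' or '1'='1";

var_dump(loginVulnerable($pdo, $injected, $injected));
var_dump(loginSafe($pdo, $injected, $injected));
var_dump(loginSafe($pdo, 'alice', 'correct-horse'));
```

With both fields set to the injected string, loginVulnerable() returns true (the OR clause matches every row, exactly as the rewritten query in step 4 shows), while loginSafe() returns false because the database looks for a user literally named ' or '1'='1. Only the real credential pair makes loginSafe() return true. Type checks and character filtering (methods 1 and 2) remain useful as defence in depth, but binding is the measure that removes the vulnerability class.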

Second, cross-site scripting attacks (Cross Site Scripting, XSS)
The attacker injects malicious code into a web page; when other users load the page, the code runs in their browsers. The attacker can thereby obtain, among other things, higher privileges (for example performing actions as the victim), private page content, sessions and cookies. The malicious code is usually JavaScript, HTML or another client-side scripting language.
For example:

<?php
echo "Welcome, " . $_GET['name'];

If a script such as <script>[code]</script> is passed as name, the script is executed. A URL like the following runs the JavaScript alert function and pops up a dialog box: http://localhost/test.php?name=<script>alert(123456)</script>
Common attack techniques are:
stealing cookies to obtain sensitive information;
using iframe, frame, XMLHttpRequest or Flash etc. to perform administrative or ordinary actions in the (attacked) user's identity, such as posting microblogs, adding friends or sending private messages;
exploiting features of other domains that trust the attacked domain as a request source, so that operations they would normally refuse are carried out, such as fraudulent voting;
XSS on a page with very high traffic can be used to attack a number of small sites, achieving the effect of a DDoS attack.
Prevention method: use the htmlspecialchars function to convert special characters into HTML entities, i.e. filter every output variable.
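The test.php snippet from this section, as the page shows it and then with output encoding applied as the prevention method describes. This is an added example, not code from the original post; the function names renderVulnerable()/renderSafe() and the constructed $payload are assumptions of the example.

```php
<?php
// Added example (not from the original post). Function names are assumed.

function renderVulnerable(string $name): string
{
    // The value of ?name= is copied straight into the HTML, <script> tags included.
    return "Welcome, " . $name;
}

function renderSafe(string $name): string
{
    // ENT_QUOTES: also encode ' (before PHP 8.1 the default flags left it alone,
    //   so a value could still break out of a single-quoted attribute);
    // ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning an empty string;
    // 'UTF-8': state the charset so multibyte sequences are not misinterpreted.
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    // The same encoded value is also safe inside a quoted attribute.
    return "Welcome, " . $safe . ' <input name="name" value="' . $safe . '">';
}

// Constructed input: the payload from the URL shown in the section above.
$payload = '<script>alert(123456)</script>';

echo renderVulnerable($payload), "\n";
echo renderSafe($payload), "\n";
```

renderSafe() turns every < and > in the payload into &lt; and &gt;, so the browser displays the tag as text instead of executing it. htmlspecialchars covers HTML element and attribute context only; a value placed inside a <script> block, a javascript: URL or a CSS rule needs encoding for that context, or should not be placed there at all.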

Third, cross-site request forgery attacks (Cross Site Request Forgeries, CSRF)
The attacker forges an HTTP request as the target user and sends it to a site with a CSRF vulnerability; the site carries out the request, which completes the cross-site request forgery. The attacker uses a hidden HTTP link and gets the target user to click it without noticing. Because it is the user's own click, and the user is a legitimate user with legitimate permissions, the specific request in the link is performed on the target site and the attacker's goal is achieved.
It differs from XSS: an XSS vulnerability affects users within one site, and the target user is on that same site, whereas CSRF harms the victim's interests by sending malicious requests to the web system while pretending to be the victim.
For example:
A shopping site buys goods using http://www.shop.com/buy.php?item=watch&num=100; the item parameter decides which item to buy and the num parameter decides the quantity. If the attacker sends this link to the target user in a hidden way, and the target user later visits it without paying attention, the purchased quantity becomes 100.
Prevention methods:
1. Check the source of the request (the referring page)
2. Check a hidden variable embedded in the form
3. Use POST instead of GET, and when processing variables do not use $_REQUEST directly
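A buy.php that applies all three prevention methods: a hidden per-session token (method 2), an Origin/Referer check (method 1), and reading only from $_POST rather than $_REQUEST (method 3). This is an added example, not code from the original post; the field names item and num and the host www.shop.com come from the section, while the token name csrf_token, the session layout, the quantity limit and the commented-out processOrder() stub are assumptions of the example.

```php
<?php
// Added example (not from the original post). Token name, session layout and the
// processOrder() stub are assumed; item/num and www.shop.com come from the section.

session_start();

// Generate a per-session token once; random_bytes() is a CSPRNG.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token in constant time; hash_equals() avoids timing leaks.
function csrfTokenValid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Method 1: the request must originate from our own site. Browsers send Origin on
// POST; Referer is the fallback. A missing header is treated as a failure.
function sameOrigin(string $expectedHost): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    return parse_url($source, PHP_URL_HOST) === $expectedHost;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Method 3: read only $_POST. A link the victim clicks can only produce a GET,
    // and $_REQUEST would silently accept the same parameters from the query string.
    if (!csrfTokenValid($_POST['csrf_token'] ?? null) || !sameOrigin('www.shop.com')) {
        http_response_code(403);
        exit('Invalid request');
    }
    $item = $_POST['item'] ?? '';
    $num  = filter_var($_POST['num'] ?? '', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($num === false) {
        http_response_code(400);
        exit('Bad quantity');
    }
    // processOrder($item, $num);   // hypothetical order handler, not shown
    echo 'Ordered ' . $num . ' x ' . htmlspecialchars($item, ENT_QUOTES, 'UTF-8');
    exit;
}

// GET: render the form with the hidden token (method 2).
$token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="/buy.php">
  <input type="hidden" name="csrf_token" value="$token">
  <input name="item" value="watch">
  <input name="num" value="1">
  <button>Buy</button>
</form>
HTML;
```

The token is the primary control: a page on another site cannot read it, so a forged POST cannot carry it. The Origin/Referer check is secondary because privacy settings and proxies sometimes strip those headers; rejecting such requests outright, as sameOrigin() does, is the strict choice and may need relaxing for legitimate clients. The quantity limit addresses the num=100 example directly: even a request that passes every check cannot order an absurd amount.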

Fourth, session fixation attacks (Session Fixation)
The attacker pre-sets a session id and gets a legitimate user to use it when accessing the attacked application. Once the user's session id has been fixed, the attacker can use that session id to impersonate the user and access the application.
For example:
1. The attacker visits the website http://www.bank.com and obtains his own session id, for example SID=123;
2. The attacker sends the target user a link carrying his own session id, for example http://www.bank.com/?SID=123;
3. The target user clicks http://www.bank.com/?SID=123 and, as usual, enters his user name and password to log into the site;
4. Since the server does not change the session id, when the attacker now visits http://www.bank.com/?SID=123 he has the target user's identity and can do whatever he wants.
Prevention methods:
1. Change the session id regularly

session_regenerate_id(true); // true deletes the old session file; a new session id is generated on each call. The default is false, which keeps the old session data

2. Change the session name
The default session name is PHPSESSID. This variable is saved in a cookie; if the attacker has not captured and analysed traffic, he cannot guess the name, which blocks part of the attack.

session_name("mysessionid");

3. Turn off transparent session ids
A transparent session id means that when the browser does not use a cookie to carry the session id, the session id is passed in the link of the HTTP request instead.

ini_set("session.use_trans_sid", 0);

4. Accept the session id from cookies only

ini_set("session.use_cookies", 1); // use cookies to store the session id
ini_set("session.use_only_cookies", 1); // use only cookies to store the session id

5. Use a hidden parameter passed in the URL

$sid = md5(uniqid(rand(), true));
$_SESSION["sid"] = $sid; // Although the attacker may obtain the session data, he cannot know the value of $sid; as long as the sid value is checked, it confirms whether the current page was called by the web application itself
Fifth, session hijacking attacks (Session Hijacking)
The attacker uses various means to obtain the target user's session id. Once the session id is acquired, the attacker can visit the website with the target user's identity and perform operations with the target user's permissions.
Methods by which an attacker obtains the target user's session id:
1. Brute force: try session ids one after another until one works;
2. Calculation: if the session id is generated in a non-random way, it can be computed;
3. Theft: obtain it through network interception, XSS attacks and other methods.
Prevention methods:
1. Change the session id regularly, as above
2. Change the session name
3. Turn off transparent session ids, as above
4. Set HttpOnly. Setting the cookie's HttpOnly attribute to true prevents client-side scripts from accessing the cookie, which effectively stops XSS from stealing the session cookie.
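One bootstrap file that applies the measures from both the session fixation section (regenerate the id, rename the session, disable transparent ids, cookies only, per-session hidden secret) and the session hijacking section (HttpOnly, with the related Secure and SameSite flags). This is an added example, not code from the original post; the function names secureSessionStart()/loginUser(), the five-minute rotation interval and the use of session.use_strict_mode and random_bytes() in place of the page's md5(uniqid(rand())) are assumptions of the example. The ini settings and functions used are standard PHP; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example (not from the original post). Function names, rotation interval and
// the use_strict_mode / random_bytes() choices are assumed; settings are PHP's own.

function secureSessionStart(): void
{
    // Measure 2: a custom session name instead of the default PHPSESSID.
    session_name('mysessionid');

    // Measures 3 and 4: never emit or accept the id in a URL; cookies only.
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    // Reject ids the server did not issue: a planted SID=123 is replaced by a fresh id.
    ini_set('session.use_strict_mode', '1');

    // Hijacking measure 4: HttpOnly keeps document.cookie from reading the id;
    // Secure limits it to HTTPS; SameSite=Lax keeps most cross-site requests from
    // carrying it. Array form requires PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();

    // Measure 1: rotate the id periodically, not only at login (interval assumed).
    if (!isset($_SESSION['last_rotated']) || time() - $_SESSION['last_rotated'] > 300) {
        session_regenerate_id(true);   // true: discard the old session file
        $_SESSION['last_rotated'] = time();
    }
}

// Call only after the credentials have been verified. Regenerating here is the
// direct fix for fixation: whatever id the user arrived with is thrown away.
function loginUser(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id']      = $userId;
    $_SESSION['last_rotated'] = time();
    // Measure 5: a per-session secret that forms embed as a hidden field and that
    // the server checks with hash_equals() on submission. random_bytes() rather than
    // md5(uniqid(rand())) because uniqid() is time-based, not random.
    $_SESSION['sid'] = bin2hex(random_bytes(16));
}

secureSessionStart();
```

secureSessionStart() must run before any output, since it sets cookie parameters. Of the hijacking vectors listed above, HttpOnly addresses theft through XSS, the Secure flag addresses interception on the network, and use_strict_mode together with PHP's own random id generation addresses brute force and calculation; none of them helps once an id has already leaked, which is why the periodic rotation is kept as well.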

Sixth, file upload vulnerabilities (File Upload Attack)
The attacker exploits a flaw in the system's validation and handling policy for uploaded files to upload malicious code to the server and gain the ability to execute commands server-side.
Common attack techniques are:
uploading web script code, which the web container then interprets and executes;
uploading the Flash cross-domain policy file crossdomain.xml to change access rights (other policy files are used in a similar way);
uploading virus or Trojan files to trick users into downloading them or administrators into executing them;
uploading a picture containing script, which some older browser versions will execute, for phishing and fraud.
Overall, an upload is exploitable when the uploaded file either is executable (malicious code) or can influence server behaviour (a configuration file).
Prevention methods:
1. Make the file upload directory non-executable;
2. Determine the file type against a whitelist. For images, process the picture with a compression or resize function, which destroys any HTML code the image may contain;
3. Use a random number to overwrite the file name and path: the file is then unreachable by its original name after upload, and files like shell.php, .rar and crossdomain.xml become harmless because they are renamed;
4. Set up a separate domain name for the file server: because of the browser's same-origin policy, a whole series of client-side attacks fails, e.g. an uploaded crossdomain.xml or uploaded JavaScript for XSS is then no longer a problem.
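An image upload handler that applies the four prevention methods above: content-based whitelisting and re-encoding through GD (method 2), a server-chosen random name (method 3), a non-executable storage directory outside the web root (method 1) and a separate serving host (method 4). This is an added example, not code from the original post; the directory path, the form field name photo, the size limit, the placeholder host static.example.invalid and the function name storeUploadedImage() are assumptions of the example. It requires the fileinfo and GD extensions.

```php
<?php
// Added example (not from the original post). Paths, field name, size limit and the
// placeholder host are assumed; requires the fileinfo and GD extensions.

// Method 1: a directory outside the document root (or one the web server is
// configured never to run PHP from).
const UPLOAD_DIR = __DIR__ . '/../uploads_noexec';
const MAX_BYTES  = 2 * 1024 * 1024;

// Method 2: the whitelist keys are MIME types detected from the file content;
// the values are the only extensions we will ever write.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

function storeUploadedImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Refuse any path that did not arrive through this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Detect the type from the bytes; the client-supplied name and $file['type']
    // are attacker-controlled and are never consulted.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('type not allowed');
    }

    // Method 2 (processing): decode and re-encode through GD. The output holds only
    // pixel data, so script text hidden in comments, EXIF or trailing bytes is gone.
    $img = $mime === 'image/jpeg'
        ? imagecreatefromjpeg($file['tmp_name'])
        : imagecreatefrompng($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // Method 3: a random server-chosen name. The original name never reaches the
    // filesystem, so shell.php, crossdomain.xml or a.php.jpg cannot survive.
    if (!is_dir(UPLOAD_DIR)) {
        mkdir(UPLOAD_DIR, 0755, true);
    }
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    $ok = $mime === 'image/jpeg' ? imagejpeg($img, $dest, 85) : imagepng($img, $dest);
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    // Belt and braces for method 1: the stored file itself is not executable.
    chmod($dest, 0644);
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = storeUploadedImage($_FILES['photo']);
        // Method 4: serve from a separate host so uploads never share the
        // application's origin (placeholder host).
        echo 'Stored as https://static.example.invalid/' . $stored;
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

The web server configuration completes method 1: on Apache, php_admin_flag engine off for the upload directory; on nginx, a location block for the upload path with no fastcgi_pass. Re-encoding is what makes the whitelist robust, because a file can be a valid JPEG and still carry PHP in its metadata; after imagejpeg() rewrites it, only the pixels remain.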

Reprinted from: https://blog.csdn.net/homelam/article/details/80318587


Origin www.cnblogs.com/cnn2017/p/11369493.html