Home >Backend Development >PHP Tutorial >Common PHP attacks (detailed explanation of 6 types of attacks)

Common PHP attacks (detailed explanation of 6 types of attacks)

不言
不言Original
2018-04-03 11:26:212345browse

This article introduces common PHP attacks (detailed explanations of 6 types of attacks). It is shared here with everyone. It can also be a reference for those who need help. Let’s take a look together.

1. SQL injection

SQL injection is a malicious attack in which users enter SQL statements in form fields to affect normal SQL execution. There is also one injected through the system() or exec() command, which has the same SQL injection mechanism, but only targets shell commands.


[python] view plain copy


Common PHP attacks (detailed explanation of 6 types of attacks)Common PHP attacks (detailed explanation of 6 types of attacks)

  1. ##$username = $_POST['username'] ;

  2. ##$query =

    "select * from auth where username = '".$username."'";

  3. ##echo $query;
  4. $db = new mysqli(
  5. 'localhost'

    , 'demo', 'demo ', 'demodemo');

    #$result = $db->query($query);
  6. ##if
  7. ($result && $result->num_rows) {

    echo

    "
    Logged in successfully"
  8. ;

  9. } else {

  10. ## echo "
    Login failed";

  11. ##}

Prevent SQL injection options:

*Use mysql_real_escape_string() to filter data
*Manually check whether each data is the correct data type
*Use prepared statements and bind variables
*Use prepared prepared statements
*Separate data and SQL logic
*Preprocessed statements will be automatically filtered (e.g. escaped)
*As a coding standard, it can help newcomers in the team avoid encountering the above problems


[python]

view plain copy


Common PHP attacks (detailed explanation of 6 types of attacks)Common PHP attacks (detailed explanation of 6 types of attacks)

  1. $query = 'select name, district from city where countrycode=?' ;

  2. ##if

    ($stmt = $db->prepare($ query) ){

    ## $countrycode =
  3. 'hk'
  4. ;

    $stmt->bind_param(
  5. "s"
  6. , $countrycode);

    $stmt->execute();
  7. $stmt->bind_result($name, $district);

  8. while ( $stmt ($stmt->fetch() ){

  9. # echo $name.', '.$district;

  10. ## echo

    '
    ';

  11. } }

  12. ## $stmt->close();
  13. }

##2. XSS attack

XSS (Cross-Site Scripting) is an attack where the user inputs some data into your website, which includes client-side script (usually JavaScript) that outputs the data if you don't filter it. Another web page, this script will be executed. What will happen to receive the text content submitted by the user?
*Annoying pop-ups

*Refresh or redirect

*Damage web pages or forms

*Steal cookies

*AJAX(XMLHttpRequest)
Prevent XSS attacks
In order to prevent XSS attacks, use PHP's htmlentities() function to filter and then output to the browser ##. The basic usage of #htmlentities() is simple, but there are many advanced controls, please refer to the XSS cheat sheet


3. Session fixation



Session. Security, assuming a PHPSESSID is difficult to guess. However, PHP can accept a session ID via a cookie or URL. Therefore, a victim can be tricked into using a specific (or other) session ID or phishing attack.

#4. Session Capture and Hijacking


This is the same idea as session fixation, however, it involves stealing the session ID from the attacker if the session ID is stored in a cookie. Can be stolen via XSS and JavaScript. If the session ID is included in the URL, it can also be obtained through sniffing or from the proxy server.

Prevent session capture and hijacking:

*Update ID

*If using session, Please ensure that users use SSL


5. Cross-site request forgery (CSRF)


CSRF attack refers to a request made by a page that looks like Be a trusting user of the site, but not intentionally. It has many variations, such as the following example:


[python]
view plain copy



  1. Common PHP attacks (detailed explanation of 6 types of attacks)'http://example.com/single_click_to_buy.php?user_id=123&item=12345'>


##Prevent cross-site request forgery
In general, make sure the user is coming from your form, and match every form you send out. There are two points that must be remembered:
Use appropriate security measures for user sessions, such as updating IDs for each session and using SSL for users.
Generate another one-time token and embed it into the form, save it in the session (a session variable), and check it on submit.


6. Code injection

Code injection is caused by exploiting computer vulnerabilities by processing invalid data. The problem comes when you accidentally execute arbitrary code, usually via file inclusion. Poorly written code can allow a remote file to be included and executed. Like many PHP functions, such as require can contain a URL or file name, for example:


##[python]

view plain copy


Common PHP attacks (detailed explanation of 6 types of attacks)Common PHP attacks (detailed explanation of 6 types of attacks)

  1. ## Choose theme:
  2. #

  3. ##                                                                                                                                                                                                               green>Green ##

  4. #

  5. ##

  6. if($theme) {

  7. ## require( $theme.'.txt');

  8. ##}

  9. ?>

In the above example, by passing a file name or a file name entered by the user part to include files starting with "http://".

Prevent code injection
*Filter user input

*Set in php.ini to disable allow_url_fopen and allow_url_include. This will disable require/include/fopen for remote files.

Other General Principles

1. Do not rely on server configuration to protect your application, especially when your web server/PHP is managed by your ISP, or when your website may be migrated/deployed to other places, and then migrate/deploy from other places to other places in the future. Please embed security-aware checks/logic in your website code (HTML, JavaScript, PHP, etc.).


2. Design server-side security scripts:

—For example, use single-line execution - single point authentication and data sanitization

—For example, embed in all security-sensitive pages A PHP function/file that handles all login/security logic checks

3. Make sure your code is updated and patched with the latest patches.

Related recommendations:

PHP attack website defense code-and attack code reverse translation_PHP tutorial

The above is the detailed content of Common PHP attacks (detailed explanation of 6 types of attacks). For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn