Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to analyze Web infiltration skills, which may not be well understood by many people. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

At present, with the continuous development of the information network, people's awareness of information security is rising day by day, and the security protection measures of the information system are also gradually improved. firewalls are usually deployed at the Internet boundary of the server to isolate the internal and external networks. only the server ports needed externally are exposed. The use of this measure can greatly improve the security level of the information system, for external attackers, it is like closing all unrelated paths, leaving only one necessary entrance.

But in this state, there is still a kind of security problem that can not be avoided, that is, web vulnerabilities. The reason for its formation is that the input characters of the user are not strictly filtered when the program is written, so that the hacker can carefully construct a malicious string to achieve his own purpose.

So, how can we find out if there is such a security problem? Below we will list a few relatively simple infiltration techniques.

XSS vulnerability

Find everything possible that the user can control and output in the page code, such as the following: every parameter of URL, URL itself, form, common scenarios in the search box (including comment area, message area, personal information, order information, search box, current directory, image properties, etc.), and enter the code alert (hello). If shown in the figure below, please note that your system is likely to be hit by a cross-site scripting attack.

Cross-site scripting attacks XSS malicious attackers will insert malicious Script code into the Web page. When the user browses the page, the Script code embedded in the Web will be executed, thus achieving the purpose of maliciously attacking the user.

XSS attacks are aimed at user-level attacks! Storage XSS, persistence, the code is stored in the server, such as inserting code in places such as personal information or articles, if it is not filtered or lax, then the code will be stored in the server, and the code execution will be triggered when the user visits the page. This kind of XSS can be dangerous, easy to cause worms, theft of cookie, and so on.

SQL injection

[SQL statement for: $sql= "select*from admin where id=". $id;]

Normal access: www.linuxtest.com/test2.php?id=1

Find the injection point:

1. Abnormal www.linuxtest/test2.php?id=1', results return abnormal pages, indicating that there may be injected nodes. Continue with the following verification.

2. Continue to visit www.linuxtest/test2.php?id=1 and 1 / 1 abnormally, and the result returns to normal page.

3. If you continue to visit www.linuxtest/test2.php?id=1 and 1 / 2 abnormally, the abnormal page will be returned with injection nodes. You can add attack SQL statements directly after id=1.

[other SQL1 statements: $sql= "select*from admin where id=$id";]

Same as above

[other SQL2 statements: $sql= "select*from admin where id=' {$id}'";]

There is an injection point at this time, but we must eliminate the single quotation marks in order to insert the corresponding attack SQL by:

Add (and'=) to eliminate; for example: test2.php?id=1' union select 1 and'= 2 and'=; the result SQL is: select*from admin where id='1' union select 1 Magi 2 3 and'='

Increase (and "='), (union select 1 and 2), and so on.

Due to the different system environment, the damage that the attacker may cause is also different, which is mainly determined by the security permissions of the application to access the database. If the user's account has administrator or other more advanced privileges, an attacker may perform various actions he wants to do on the tables in the database, including adding, deleting, or updating data, and may even delete the tables directly.

The above is a direct manual operation, the following will lead you to witness the penetration of burp_suite tools.

When you need to initiate a request, the interceptor system is activated as shown in the following figure (take a website as an example):

When you go to the page you want to modify, click close after tampering with the parameters. If successful, the page will return the modified parameters, which is called blocking tampering vulnerability.

Results:

In most cases, burpsuite completes the vulnerability attack by tampering with parameters, and you can see that the web page is directly tampered with. This situation not only reduces the customer experience, but also faces operational risks, even legal risks, resulting in a series of risks such as public relations crisis.

After reading the above, do you have any further understanding of how to analyze Web penetration techniques? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.