2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Team profile:
The White Hat Community technical team was formed spontaneously by a number of excellent development engineers, security engineers and security technicians. The team operates on the principles of fairness, justice and openness, and has held several online technical exchange events. It currently runs monthly technical topics and publishes technical analyses. Future online activities will include product R&D exchanges, interviews with well-known figures, sharing of technical achievements, technical columns by outstanding authors and open classes for novices, so that more people can understand and learn security technology more comprehensively. We will also hold online CTF competitions and offline salons, so that you can get closer to technical experts and learn security technology better.
The core theme of this topic, chosen by unanimous vote of all users, is the WEB security series. Drawing on our accumulated experience, we will present research and examples covering all aspects of this theme, so that you can understand the risks that exist today and how to defend against these threats.
Document statement:
The purpose of this document is to provide popular-science teaching material for security technicians and to improve network security awareness. Anyone who illegally uses the techniques in this document to attack others bears the consequences themselves; those consequences have nothing to do with this document or the community team. If a contributor's content has a negative impact on other enterprises, the resulting loss shall be borne by the contributor.
I. Analysis of Web Security
As the network era evolves, more and more enterprises and government agencies are moving from television broadcasting and advertising to online publicity. Online publication undoubtedly speeds up the dissemination of information and widens its reach. But it has also led to a large number of network attacks and data leaks. Security companies keep repairing vulnerabilities and launching security products, yet the attacks have not stopped. The losses caused over the Internet run as high as hundreds of billions every year, and we have to think carefully about the causes of this situation.
1. Security issues of enterprise websites
Enterprise websites are mostly used by small and medium-sized enterprises. Their business scope is mainly individual business, information release or advertising, and most of them run independently developed programs. This kind of website is the easiest target to attack. First, it is small in scale. Second, many of these websites involve financial transactions, so they account for a large proportion of underground-industry trade. Third, because the program is independently developed, most enterprises do not carry out a proper security audit of it, so it may contain many vulnerabilities. Because their business scope is small, most of these enterprises are unwilling to bear high maintenance costs and underestimate the importance of security. High-risk vulnerabilities such as SQL injection mostly occur on such websites. As a result, many people who have only just entered the security industry can easily take down a lot of corporate websites.
2. Social networking site security issues
Most social networking sites are forums, communities and other websites where many users can register. Most of them are built on general-purpose CMS programs, so their program security is higher than that of corporate websites, but no program is absolutely secure. Because the programs are open, it is also convenient for other users to find vulnerabilities in them, and because they hold huge amounts of user data, they have become a main target in underground-industry trade. The most important point, however, is the life cycle of a vulnerability: the time from when the vulnerability appears, to when the vendor is notified, to when the patch is released determines whether the security of user information and property can be guaranteed.
II. Detailed explanation of vulnerability types
NO.1 SQL injection vulnerability
As we said in the first part, the vast majority of SQL injection vulnerabilities still appear on the websites of small and medium-sized enterprises, but some large enterprises and government agencies have them too. The root cause of SQL injection is that illegal SQL statements are carried into a query, and there are many ways in which that can happen, so SQL injection has always been a major threat to WEB security. Because the vulnerability does great harm and is simple to exploit, it has become one of the main ways for most people to obtain a WEBSHELL and steal user information.
Injection vulnerability classification:
GET injection
POST injection
COOKIE injection
Blind injection
Wide-byte injection
Time-delay injection
String truncation injection
Double-encoding injection
Sort injection
Most people's understanding of SQL injection vulnerabilities still stops at and 1=1, and 1=2. However, as network security knowledge has spread, this method has gradually fallen behind; SQL injection vulnerabilities have become more hidden, and the old filtering mindset can no longer withstand attacks.
The following analyzes a few pieces of vulnerable code.
First of all, take a look at the simplest one.
$name = $_REQUEST['name'];
$sql = "SELECT * FROM ADMIN WHERE name=$name";
$res = mysql_query($sql);
// This code does not filter the parameter passed by the user, which leads directly to SQL injection.
Take a look at the advanced ones
$name = $_REQUEST['name'];
$sql = "SELECT * FROM ADMIN WHERE name='$name'";
$res = mysql_query($sql);
// This code wraps the variable in single quotation marks for protection, but it can still be bypassed by submitting input of the form a'or'a.
Intermediate
$name = $_GET['name'];
$sql = "SELECT * FROM ADMIN WHERE name='$name'";
if ($res = mysql_query($sql)) {
    $res = mysql_fetch_row($res);
    print_r($res);
} else {
    echo "content does not exist";
}
// This code returns a friendly message when the query fails, but the SQL injection still exists, which results in a blind injection vulnerability.
Advanced
// Forum program
$passwd = md5($_REQUEST['passwd']);
$sql = "SELECT * FROM ADMIN WHERE name='admin' and password='$passwd'";
$res = mysql_query($sql);
// Success requires a matching row, not merely a query that ran.
if ($res && mysql_num_rows($res) > 0) {
    echo "login success";
} else {
    echo "login failed";
}
// This code fixes the user name and hashes the password with md5, so the user cannot use sensitive characters to test for injection. But if we register a user named admin and log in with it, we can successfully log in to the administrator account.
Above we selected only some classic types of vulnerability. There are of course many other causes, but given the limited space and how rarely they occur, we will not show them here.
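For comparison, here is a hardened form of the lookups above. This is an added example, not part of the original document or the White Hat Community's code. It swaps the legacy mysql_* calls for PDO prepared statements on an in-memory SQLite database, and md5 for password_hash. The table layout, the sample rows and the function names register and login are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE on name: a second "admin" row can never be registered.
$db->exec('CREATE TABLE admin (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL)');

// Hypothetical helper: create an account, refusing duplicate names.
function register(PDO $db, string $name, string $password): bool
{
    $name = trim($name);                 // normalise before the uniqueness check
    if ($name === '') {
        return false;
    }
    try {
        $stmt = $db->prepare('INSERT INTO admin (name, password) VALUES (:name, :hash)');
        return $stmt->execute([
            ':name' => $name,
            ':hash' => password_hash($password, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        return false;                    // duplicate name rejected by the constraint
    }
}

// Hypothetical helper: check credentials without building SQL from input.
function login(PDO $db, string $name, string $password): bool
{
    // The value is bound as data, so quotes in $name cannot change the statement.
    $stmt = $db->prepare('SELECT password FROM admin WHERE name = :name');
    $stmt->execute([':name' => trim($name)]);
    $hash = $stmt->fetchColumn();        // false when no row matches
    // Same answer for "no such user" and "wrong password".
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample calls.
var_dump(register($db, 'admin', 'constructed-Passw0rd'));   // first registration
var_dump(register($db, 'admin ', 'other-password'));        // duplicate with trailing space
var_dump(login($db, "a'or'a", 'anything'));                 // quoted input from the text above
var_dump(login($db, 'admin', 'other-password'));            // wrong password
var_dump(login($db, 'admin', 'constructed-Passw0rd'));      // correct credentials
```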
The above is an excerpt from the document. Please click the link below to download the complete document.
Link: http://pan.baidu.com/s/1pLbQf1p password: sjhz
Official account: White Hat Community
Official communication group: 298818545