TAILIEUCHUNG - ICT 5 Web Development - Chapter 6.2: MySQL & PHP Advanced

ICT 5 Web Development - Chapter 6.2: MySQL & PHP Advanced includes CardSystems Attack, Normal Query, Getting private info, Different database engines, Retrieving result information, Referencing the PEAR.

Vietnam and Japan Joint ICT HRD Program
ICT 5 Web Development
Chapter 6.2: MySQL & PHP Advanced
Nguyen Thi Thu Trang (trangntt-fit@)

Content
1. SQL Injection
2. PEAR Database

Database queries with PHP

Basic picture: SQL Injection (the wrong way)

Sample PHP on the victim server:

    $recipient = $_POST['recipient'];
    $sql = "SELECT PersonID FROM People WHERE Username='$recipient'";
    $rs = $db->executeQuery($sql);

Diagram: the attacker's request reaches the victim server, which sends an unintended SQL query to the victim SQL DB; the attacker receives valuable data.

Problem: untrusted user input 'recipient' is embedded directly into the SQL command.

CardSystems Attack (April 2008, SQL Vulnerabilities)

CardSystems
- credit card payment processing company
- SQL injection attack in June 2005
- put out of business

The Attack
- 263,000 credit card #s stolen from database
- credit card #s stored unencrypted
- 43 million credit card #s exposed

Main steps in this attack
1. Use Google to find sites using a particular ASP style vulnerable to SQL injection.
2. Use SQL injection on these sites to modify the page to include a link to a Chinese site (Don't visit that site yourself!).
3. The site ( ) serves Javascript that exploits vulnerabilities in IE, RealPlayer, QQ Instant Messenger.

Steps (1) and (2) are automated in a tool that can be configured to inject whatever you like into vulnerable sites.

Example: buggy login page (ASP)

    set ok = execute( "SELECT * FROM Users WHERE user=' " & form("user") & " ' AND pwd=' " & form("pwd") & " '" );
    if not login success else fail;

Is this exploitable?

Normal Query
Web Browser (Client) -> Enter Username & Password -> Web Server -> DB:

    SELECT * FROM Users WHERE user='me' AND pwd='1234'

Bad input
Suppose user = " ' or 1=1 -- " (URL encoded)
Then the script does:

    ok = execute( SELECT * FROM Users WHERE user=' ' or 1=1 -- )

- The "--" causes the rest of the line
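As an added example (not from the lecture slides), the buggy string-concatenated login query from above is shown beside a prepared-statement version, run in PHP through PDO against an in-memory SQLite table so it works offline; the table, its rows and the two function names are constructed for this demonstration.

```php
<?php
// Added example, not from the lecture: the slide's concatenated login query
// beside a prepared statement. Table, rows and input are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (user TEXT, pwd TEXT)");
$db->exec("INSERT INTO Users VALUES ('me', '1234'), ('alice', 's3cret')");

// The slide's buggy pattern: untrusted input embedded directly into SQL text.
// Returns the number of matching rows (hypothetical helper name).
function loginConcat(PDO $db, string $user, string $pwd): int {
    $sql = "SELECT * FROM Users WHERE user='$user' AND pwd='$pwd'";
    return count($db->query($sql)->fetchAll());
}

// Fixed version: placeholders keep the input as data, the query text is fixed.
function loginPrepared(PDO $db, string $user, string $pwd): int {
    $stmt = $db->prepare("SELECT * FROM Users WHERE user = ? AND pwd = ?");
    $stmt->execute([$user, $pwd]);
    return count($stmt->fetchAll());
}

// The slide's input, URL-decoded: the quote closes the literal, "or 1=1" is
// always true, and "--" comments out the password check in the concatenated query.
$badUser = "' or 1=1 -- ";

printf("concat, valid credentials: %d row(s)\n", loginConcat($db, 'me', '1234'));   // 1
printf("concat, injected input:    %d row(s)\n", loginConcat($db, $badUser, 'x'));  // 2 (every user)
printf("prepared, injected input:  %d row(s)\n", loginPrepared($db, $badUser, 'x')); // 0
```

The concatenated query degenerates to `WHERE user='' or 1=1 -- ' AND pwd='x'` and returns the whole table, while the prepared statement looks for a literal username containing the quote and matches nothing.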
