Đang chuẩn bị liên kết để tải về tài liệu:
ICT 5 Web Development - Chapter 6.2: MySQL & PHP Advanced

Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ

ICT 5 Web Development - Chapter 6.2: MySQL & PHP Advanced includes CardSystems Attack, Normal Query, Getting private info, Different database engines, Retrieving result information, Referencing the PEAR. | Vietnam and Japan Joint ICT HRD Program ICT 5 Web Development Content 1. SQL Injection 2. PEAR Database Chapter 6.2. MySQL & PHP Advanced Nguyen Thi Thu Trang trangntttrangntt-fit@mail.hut.edu.vn 2 Database queries with PHP Basic picture: SQL Injection (the wrong way) Sample PHP Victim Server $recipient = $ POST[‘ $ i i $_POST[‘recipient’]; i i ’] 1 $sql = "SELECT PersonID FROM People WHERE Username='$recipient' Username='$recipient' "; 2 $rs = $db->executeQuery($sql); $db- executeQuery($sql); 3 receive valuable data unintended SQL query Attacker Problem: – Untrusted user input ‘recipient’ is embedded directly into SQL command Victim SQL DB 3 4 1 CardSystems Attack April 2008 SQL Vulnerabilities CardSystems y – credit card payment processing company – SQL injection attack in June 2005 – put out of business The Attack – 263 000 credit card #s stolen from database 263,000 – credit card #s stored unencrypted – 43 million credit card #s exposed #s 5 Main steps in this attack Example: buggy login page Use Google to find sites using a particular ASP style vulnerable to SQL injection (ASP) set ok = execute( "SELECT * FROM Users execute( WHERE user=' " & form(“user”) & " ' AND pwd=' " & form(“pwd”) & “ '” ); pwd=' form(“pwd”) Use SQL injection on these sites to modify the page to include a link to a Chinese site nihaor1.com (Don't visit that site yourself!) if not ok.EOF login success else fail; The site (nihaorr1.com) serves Javascript that exploits vulnerabilities in IE, RealPlayer, QQ Instant Messenger Is this exploitable? Steps (1) and (2) are automated in a tool that can be configured to inject whatever you like into vulnerable sites 7 8 2 Normal Query Bad input Suppose Web Browser (Client) Enter Username & Password Web Server SELECT * FROM Users WHERE user='me' AND pwd='1234' encoded) user = “ ' or 1=1 -- ” (URL Then scripts does: DB ok = execute( SELECT WHERE user= ' ' or 1=1 -- ) – The “--” causes rest of line