Agenda
1. SQL Injection
2. Cross Site Scripting (XSS)
3. Path Traversal
4. Cross Site Request Forgery (CSRF)
5. Unvalidated Redirect
SQL Injection

Normal request and the query it builds:
http://example.com/items.php?id=2
SELECT title, description, body FROM items WHERE ID = 2

Request with the id parameter modified, and the query it now builds:
http://example.com/items.php?id=2 or 1=2
SELECT title, description, body FROM items WHERE ID = 2 or 1=2
Defense

Prepared Statements (Parameterized Queries)

String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setString(1, name);

Stored Procedures
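The following is an added example, not code from the slides, that replays the items.php query against an in-memory SQLite table (the rows are constructed sample data). It contrasts string concatenation, where the id parameter becomes part of the SQL text, with the parameterized form the Defense slide recommends, where the same input is only ever treated as a value. It also goes one step beyond the slide by adding an integer check in front of the prepared statement.

```python
import sqlite3

# Constructed sample rows, not data from the slides.
ITEMS = [
    (1, "First item", "desc one", "body one"),
    (2, "Second item", "desc two", "body two"),
    (3, "Third item", "desc three", "body three"),
]


def make_db():
    """Build an in-memory items table like the one items.php queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (ID INTEGER, title TEXT, description TEXT, body TEXT)"
    )
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?)", ITEMS)
    return conn


def lookup_vulnerable(conn, item_id):
    """String concatenation: whatever arrives in ?id= becomes part of the SQL text."""
    sql = "SELECT title, description, body FROM items WHERE ID = " + item_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, item_id):
    """Prepared statement: the value travels separately from the query text,
    so it can only be compared against ID and never changes the WHERE clause."""
    sql = "SELECT title, description, body FROM items WHERE ID = ?"
    return conn.execute(sql, (item_id,)).fetchall()


def lookup_validated(conn, item_id):
    """Defence in depth: reject anything that is not an integer before it
    reaches the database; returns None for a malformed id."""
    try:
        numeric_id = int(item_id)
    except (TypeError, ValueError):
        return None
    return lookup_parameterized(conn, numeric_id)


if __name__ == "__main__":
    db = make_db()
    print("normal id:         ", lookup_vulnerable(db, "2"))
    print("slide payload:     ", lookup_vulnerable(db, "2 or 1=2"))
    print("tautology payload: ", lookup_vulnerable(db, "2 or 1=1"))
    print("parameterized:     ", lookup_parameterized(db, "2 or 1=1"))
    print("validated:         ", lookup_validated(db, "2 or 1=1"))
```

With concatenation the slide's `2 or 1=2` still returns the single row (the extra clause is false), while `2 or 1=1` returns every row; the parameterized query returns nothing for either, because SQLite compares the whole string as a value that is not equal to any ID.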
Path Traversal

http://example.com/get.php?file=report.pdf
http://example.com/get.php?file=get.php
http://example.com/get.php?file=../get.php
http://example.com/get.php?file=/etc/passwd
Vulnerable template loader (the cookie value is used in the include path without any check):

<?php
$template = 'blue.php';
if (isset($_COOKIE['TEMPLATE']))
    $template = $_COOKIE['TEMPLATE'];
include("/home/users/php/templates/" . $template);
?>
Request
GET /vulnerable.php HTTP/1.0
Cookie: TEMPLATE=../../../../../../../../../etc/passwd

Response
HTTP/1.0 200 OK
Content-Type: text/html
Server: Apache

root:fi3sED95ibqR6:0:1:System Operator:/:/bin/ksh
daemon:*:1:1::/tmp:
php:f8fk3j1OIf31.:182:100:Developer:/home/users/php/:/bin/csh
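The following is an added example, not code from the slides, showing one way to harden the template loader above. It is written in Python rather than the slide's PHP; `safe_join`, `load_template` and `demo` are names chosen here, and the template files in `demo` are constructed. The key idea is to resolve the requested name to a real filesystem path first and only then check that it is still inside the template directory, so both `../` sequences and absolute paths like /etc/passwd are caught.

```python
import os
import tempfile

TEMPLATE_DIR = "/home/users/php/templates"   # the directory from the slide's include()


def safe_join(base_dir, user_path):
    """Return the absolute path of user_path inside base_dir, or None if it escapes.

    realpath() collapses every '..' and follows symlinks, so the check is made on
    the path the OS would actually open, not on the string the client sent.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:          # different drives on Windows
        inside = False
    return candidate if inside else None


def load_template(base_dir, cookie_value, default="blue.php"):
    """Hardened version of the slide's include(): fall back to the default
    template unless the requested name resolves to a file inside base_dir."""
    name = cookie_value if cookie_value else default
    path = safe_join(base_dir, name)
    if path is None or not os.path.isfile(path):
        path = os.path.join(os.path.realpath(base_dir), default)
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Create a throw-away template directory (constructed data) and show that
    the traversal cookie from the slide is answered with the default template."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "blue.php"), "w", encoding="utf-8") as fh:
            fh.write("BLUE")
        with open(os.path.join(tmp, "red.php"), "w", encoding="utf-8") as fh:
            fh.write("RED")
        return {
            "no_cookie": load_template(tmp, None),
            "red": load_template(tmp, "red.php"),
            "traversal": load_template(tmp, "../../../../../../../../../etc/passwd"),
            "absolute": load_template(tmp, "/etc/passwd"),
        }


if __name__ == "__main__":
    for case, body in demo().items():
        print(f"{case:10s} -> {body}")
```

`os.path.join` discards the base when the second argument is absolute, which is exactly why the check is done on the joined and resolved result rather than on the input string; a prefix check on the raw string would miss both that case and a `..` hidden behind a valid subdirectory name.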
Unvalidated Redirect

$redirect_url = $_GET['redir'];
header("Location: " . $redirect_url);
Email to Alice, as she sees it:

Greetings from your Bank!
Internet Banking Log In

The same email with the link's HTML shown (the link points at the real bank site, but its redir parameter sends her on to the attacker's site):

Greetings from your Bank!
<a href="https://www.53.com/?a=123&b=1pUWTlSNfre4f2yfVLRruXgulWTVlF1czz0Kz00lL_5&redir=www.evilbank.com&param=F1czz0Kz00lL_5g">
Internet Banking Log In
</a>
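The following is an added example, not code from the slides, showing how the two-line PHP redirect above can be hardened. It is written in Python; `safe_redirect_target`, `location_header` and the `bank.example` hostnames are names chosen for this example. The rule is: accept a site-local path or an absolute URL whose host is on an allow-list, and send everything else to a safe default instead of to whatever the redir parameter names.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; a real deployment lists its own hostnames.
ALLOWED_HOSTS = {"bank.example", "www.bank.example"}


def safe_redirect_target(redir, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return a redirect target that is either a local path or an allow-listed URL.

    Anything else falls back to `default`, so the Location header cannot be
    steered to a third-party site through the ?redir= parameter.
    """
    if not redir:
        return default
    redir = redir.strip()
    parts = urlsplit(redir)

    # Site-local path such as /account. A protocol-relative "//host" has a
    # non-empty netloc and is rejected here; backslashes are rejected because
    # some browsers treat "/\host" like "//host".
    if parts.scheme == "" and parts.netloc == "":
        if redir.startswith("/") and not redir.startswith("//") and "\\" not in redir:
            return redir
        return default

    # Absolute URL: the scheme must be http(s) and the host must be allow-listed.
    # parts.hostname strips any user@ prefix and port, so "bank.example@evil"
    # is judged by the real host, not by the text in front of the '@'.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return redir
    return default


def location_header(redir):
    """Build the header the slide's PHP emitted, but with a validated target."""
    return "Location: " + safe_redirect_target(redir)


if __name__ == "__main__":
    for candidate in ["www.evilbank.com", "/account/summary",
                      "https://www.bank.example/account", "//www.evilbank.com/"]:
        print(f"{candidate!r:40} -> {location_header(candidate)}")
```

Note that the slide's payload `www.evilbank.com` has no scheme and no leading slash, so `urlsplit` treats it as a relative path; the check still rejects it because a local target must start with a single `/`.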
Thank you