My website was attacked a month ago, and today I received a vulnerability detection report from 360. Oh my God, 360 still does this kind of thing?
SQL injection
Vulnerability link 1:
http: //xxx.com:80/index.php?alias=message&action=comment?comment-diary-id=1&comment-ip=182.118. [email protected]&comment-url=http: //www.hacker.org/&comment-text=88888&comment-submit=SEND&comment-parent=0 RLIKE (SELECT (CASE WHEN (4725=4725 ) THEN 0 ELSE 0x28 END))
Vulnerability link 2:
http: //xxx.com:80/index.php?alias=message' AND SLEEP(5)
Vulnerability link 3:
http: //xxx.com:80/index.php?cat=note' AND 'dSob'='dSob
XSS
Vulnerability link:
http: //xxx.com:80/admin/login.php?req_url=/admin/index.php"><script>alert(42873 )</script>
Why can it still be injected when I use addslashes when writing to the database? Do links 1 and 2 need to be combined for the injection to work?
As for the second vulnerability, I don't know how to defend against it.
I haven't studied site security in depth. I'd like to ask you to analyze how this is done and how to fix the holes. Thank you.
If you need the code that writes to the database, I will post it.
PS: sf automatically shortens links when they are written out, so a space has been added after "http:".
After debugging, it can indeed be injected... I still don't know enough about SQL.
The final statement written to the database is:
insert into comment values(NULL,1,1497261734,'88888',0,'[email protected]','http://www.hacker.org/','182.118.33.8','88888',0 RLIKE (SELECT (CASE WHEN (4725=4725) THEN 0 ELSE 0x28 END)) AND SLEEP(5)%20%23);
I'd like to ask what the last expression means:
0 RLIKE (SELECT (CASE WHEN (4725=4725) THEN 0 ELSE 0x28 END)) AND SLEEP(5)%20%23
XSS: HTML script code is being embedded, so the parameter should be converted to HTML entities, using the htmlspecialchars function.
Link 1 works by feeding in MySQL keywords to perform a MySQL injection; the keywords should be filtered.
Of course, the best way to prevent all injection is really to use prepared statements!!!!
It's best to use parameterized queries instead of building SQL statements by string concatenation.
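The two answers above (prepared statements, htmlspecialchars) in working form. This is an added example, not code from the question's site or from either answerer; the site is PHP, but it is written in Python with an in-memory SQLite table standing in for the MySQL `comment` table (a constructed, simplified schema), and the three payload strings are assumed sample inputs shaped like the report links. It also shows why addslashes did not help against link 1: in the statement the asker recovered, the payload lands in the last, unquoted numeric position, and it contains no quote characters for addslashes to escape.

```python
import html
import sqlite3

# Constructed sample inputs, shaped like the three payloads in the scan report
# above (values from the report are kept where they appear; nothing else is real).
RLIKE_PAYLOAD = "0 RLIKE (SELECT (CASE WHEN (4725=4725) THEN 0 ELSE 0x28 END)) AND SLEEP(5) #"
ALIAS_PAYLOAD = "message' AND SLEEP(5)"
XSS_PAYLOAD = '/admin/index.php"><script>alert(42873)</script>'


def addslashes(value: str) -> str:
    """Emulate PHP addslashes(): backslash-escape ' " \\ and NUL.

    It never touches spaces, parentheses or keywords, so a payload written
    for an unquoted numeric position passes through unchanged.
    """
    out = []
    for ch in value:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def build_insert_unsafe(comment_text: str, parent: str) -> str:
    """The concatenation pattern the question's app uses (columns simplified).

    comment_text is quoted and addslashes()'d; the parent id is pasted in
    bare because it is "a number", which is exactly where link 1 lands.
    """
    return "insert into comment values(NULL,1,'%s',%s)" % (
        addslashes(comment_text), parent)


# Constructed stand-in schema; the real table has more columns (see above).
SCHEMA = """
CREATE TABLE comment (
    id       INTEGER PRIMARY KEY,
    diary_id INTEGER NOT NULL,
    text     TEXT    NOT NULL,
    parent   INTEGER NOT NULL
)
"""


def open_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL table. MySQL-only operators such as
    RLIKE and SLEEP() never matter here because no user input is parsed as SQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def safe_insert(conn, diary_id, comment_text: str, parent) -> int:
    """Parameterised INSERT: numeric fields are validated with int(), every
    value is bound through '?', and the SQL text itself never changes."""
    diary_id = int(diary_id)   # '1 RLIKE ...' or '0x28' raise ValueError
    parent = int(parent)
    cur = conn.execute(
        "INSERT INTO comment (diary_id, text, parent) VALUES (?, ?, ?)",
        (diary_id, comment_text, parent))
    return cur.lastrowid


def handle_comment(conn, diary_id, comment_text, parent):
    """What the request handler should do: reject bad numerics, else store.
    Returns ('rejected', reason) or ('ok', row_id)."""
    try:
        row_id = safe_insert(conn, diary_id, comment_text, parent)
    except ValueError as exc:
        return ("rejected", str(exc))
    return ("ok", row_id)


def fetch_comment(conn, row_id: int):
    return conn.execute(
        "SELECT diary_id, text, parent FROM comment WHERE id = ?",
        (row_id,)).fetchone()


def escape_for_attr(value: str) -> str:
    """Equivalent of PHP htmlspecialchars($v, ENT_QUOTES): what admin/login.php
    should apply to req_url before echoing it inside an HTML attribute."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print(build_insert_unsafe("88888", RLIKE_PAYLOAD))      # payload survives addslashes
    print(addslashes(ALIAS_PAYLOAD))                        # only the quote is escaped
    db = open_demo_db()
    print(handle_comment(db, "1", "88888", RLIKE_PAYLOAD))  # rejected by int()
    status, rid = handle_comment(db, "1", ALIAS_PAYLOAD, "0")
    print(status, fetch_comment(db, rid))                   # stored as a plain string
    print(escape_for_attr(XSS_PAYLOAD))
```

Note that addslashes on its own is not a safe escaping routine even for quoted positions (it knows nothing about the connection's character set); the fix is binding, not better escaping. In PHP the same shape is `$stmt = $pdo->prepare("INSERT ... VALUES (?, ?, ?)"); $stmt->execute([$diaryId, $text, $parent]);` with the ids cast to int first.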
XSS can be handled by filtering the parameters, filtering out script code like
this.
Your code does no filtering at all.