For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant, and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index here.
An example of an injection attack using Javascript

Delegates sometimes ask me what an "injection attack" is, and for examples. I came across a really good example this morning on (oops!) one of our own pages - it's now fixed, but I'm documenting it here and showing you what was happening so that you can learn from it.

Visiting one of the most popular pages on our web site this morning, all the expected content came up, but then this popup came on top of the page. It had me rather worried - the Image upload, store on database, retrieve, send back to browser demonstration is one of the busiest on our web site, and it had suddenly started coming up with this message. I tried it several times, and it was consistent - so it wasn't a genuine "database busy" message.


What had happened? We have a "review this page" facility on many of the pages on our web site - it encourages visitors to add comments. The comments don't get directly posted, but come to me for approval - this means that I can eliminate adverts for Viagra. And I had just approved a series of posts. Several of them were technical - included code - and I had overlooked the need to add in a call to htmlspecialchars. One of the visitor comments included:

die ("<html><script language='JavaScript'>alert('Unable to connect to database! Please try again later.'),history.go(-1)</script></html>");

which - alas - went out to the browser as part of the page itself, so the browser ran the Javascript on every visit: it put the alert on the screen and then went back to the previous page, exactly as the commenter's code would have done had the database been missing.

Cure? Simply adding an htmlspecialchars on each comment, problem fixed. I'm reluctant to call it an "injection attack" as I don't think that the commenter was actually malicious - he was helpful, but he just caught me out. But what a great example of the sort of user input you need to be so careful to protect against!
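To show the fault and the cure side by side, here is an added example (not code from the original page), using the comment text above as constructed sample input; the function names render_comment_unsafe, render_comment_safe and contains_live_tag are my own.

```php
<?php
// Added example, not the page's own code: an approved visitor comment is
// rendered first the way that produced the popup, then with htmlspecialchars().

// Constructed sample: the comment text that was approved on the page above.
$comment = "die (\"<html><script language='JavaScript'>alert('Unable to connect "
         . "to database! Please try again later.'),history.go(-1)</script></html>\");";

// Faulty version: the comment is dropped straight into the HTML, so the
// browser parses the <script> element inside it and runs it on every view.
function render_comment_unsafe(string $text): string
{
    return "<div class='comment'><pre>" . $text . "</pre></div>";
}

// Cure: htmlspecialchars() turns < > & " ' into entities, so the browser
// shows the characters as text and never sees a <script> element at all.
function render_comment_safe(string $text): string
{
    return "<div class='comment'><pre>"
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
         . "</pre></div>";
}

// Simple check: strip the wrapper we added ourselves and see whether any
// '<' survives inside it - if one does, the browser will treat it as markup.
function contains_live_tag(string $fragment): bool
{
    $open  = "<div class='comment'><pre>";
    $close = "</pre></div>";
    $inner = substr($fragment, strlen($open), -strlen($close));
    return strpos($inner, '<') !== false;
}

$unsafe = render_comment_unsafe($comment);
$safe   = render_comment_safe($comment);

echo "Unsafe: ", $unsafe, "\n";   // carries a runnable <script> block
echo "Safe:   ", $safe, "\n";     // shows &lt;script&gt; as literal text
echo "Live tag in unsafe? ", var_export(contains_live_tag($unsafe), true), "\n";
echo "Live tag in safe?   ", var_export(contains_live_tag($safe), true), "\n";
```

The same escaping belongs wherever user-supplied text is echoed into a page, not just in the comment display; ENT_QUOTES matters because the sample above uses single quotes inside attribute-like contexts.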
(written 2010-02-08, updated 2010-02-11)



This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


© WELL HOUSE CONSULTANTS LTD., 2024: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/2628_An- ... cript.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb