|
Training, Open Source Programming Languages This is page http://www.wellho.net/resources/ex.php4 Our email: info@wellho.net • Phone: 01144 1225 708225 |
| For 2023 (and 2024 ...) - we are now fully retired from IT training. We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk. Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active! I am also active in many other area and still look after a lot of web sites - you can find an index ((here)) |
Injection attacks and preventing them
Security in PHP example from a Well House Consultants training course
More on Security in PHP [link]
More on Security in PHP [link]
|
This example is described in the following article(s): • Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - [link] |
Source code: inject.php Module: H117
<?php
/* This is a simple example that's designed to show what an HTML injection, a Javascript injection
and an SQL injection are. I have published the code here with the lines that add protection against
attacks NOT commented out so that this code in its current form in safe. Please be very careful if
you delete those lines ... */
# Grab the incoming raw string.
$lookfor = stripslashes($_GET[search]);
$report = stripslashes($_GET[search]);
# HTML Injection attack (using characters like < and & and ") :
# SOLUTION will be to use htmlspcialchars as in following line:
# -------------------------------------------
$report = htmlspecialchars($report);
# -------------------------------------------
# (Delete / comment out that line above if you want to try an injection)
# nasty thing to try:
# <h1>
# shout the rest of the page!
# {some Javascript}
# sends JS as part of the echo; browser then thinks
# it's clean because it's code delivered from the server
# this is known as a Javascript injection attack
# Cure is htmlspecialchars (again!)
$result = "Searching for $report<br />";
mysql_connect("localhost","wellho","4qash22m");
mysql_select_db("test");
# SQL injection attack (using characters such as ' ):
# SOLUTION will be to add_slashes as in following line:
# -------------------------------------------
$lookfor = mysql_real_escape_string($lookfor);
# -------------------------------------------
# (Delete / comment out that line above if you want to try an injection)
$r = mysql_query("select rid,tlc,postcode,name from railuse ".
"where name like '%$lookfor%'");
# nasty thing to try:
# ' and postcode like 'ws
# searching by postcode even though script is by name
# ss' or postcode like 'ws
# adding in extra records even if they don't match
# Study your MySQL to find how to include things like
# "Drop Database" as a subcommand ... :-( ...
# See - alternative ways in mysqli and PDO:: routines
while ($row = mysql_fetch_assoc($r)) {
$result .= "<br />$row[name]";
}
?>
<html>
<head>
<title>Injection Attack Demo</title>
</head>
<body>
<h1>BAD EXAMPLE - do not copy to your system</h1>
<form>
Search for: <input name="search" size="60" /> and <input type=submit />
</form>
<hr />
Results from last time<br /><br >
<?php print($result); ?>
<br />
Copyright, etc
</body>
</html>
/* This is a simple example that's designed to show what an HTML injection, a Javascript injection
and an SQL injection are. I have published the code here with the lines that add protection against
attacks NOT commented out so that this code in its current form in safe. Please be very careful if
you delete those lines ... */
# Grab the incoming raw string.
$lookfor = stripslashes($_GET[search]);
$report = stripslashes($_GET[search]);
# HTML Injection attack (using characters like < and & and ") :
# SOLUTION will be to use htmlspcialchars as in following line:
# -------------------------------------------
$report = htmlspecialchars($report);
# -------------------------------------------
# (Delete / comment out that line above if you want to try an injection)
# nasty thing to try:
# <h1>
# shout the rest of the page!
# {some Javascript}
# sends JS as part of the echo; browser then thinks
# it's clean because it's code delivered from the server
# this is known as a Javascript injection attack
# Cure is htmlspecialchars (again!)
$result = "Searching for $report<br />";
mysql_connect("localhost","wellho","4qash22m");
mysql_select_db("test");
# SQL injection attack (using characters such as ' ):
# SOLUTION will be to add_slashes as in following line:
# -------------------------------------------
$lookfor = mysql_real_escape_string($lookfor);
# -------------------------------------------
# (Delete / comment out that line above if you want to try an injection)
$r = mysql_query("select rid,tlc,postcode,name from railuse ".
"where name like '%$lookfor%'");
# nasty thing to try:
# ' and postcode like 'ws
# searching by postcode even though script is by name
# ss' or postcode like 'ws
# adding in extra records even if they don't match
# Study your MySQL to find how to include things like
# "Drop Database" as a subcommand ... :-( ...
# See - alternative ways in mysqli and PDO:: routines
while ($row = mysql_fetch_assoc($r)) {
$result .= "<br />$row[name]";
}
?>
<html>
<head>
<title>Injection Attack Demo</title>
</head>
<body>
<h1>BAD EXAMPLE - do not copy to your system</h1>
<form>
Search for: <input name="search" size="60" /> and <input type=submit />
</form>
<hr />
Results from last time<br /><br >
<?php print($result); ?>
<br />
Copyright, etc
</body>
</html>
Learn about this subject
This module and example are covered on the following public courses:
* Learning to program in PHP
* PHP Programming
* PHP Programming
* Learning to program in PHP
Also available on on site courses for larger groups
* Learning to program in PHP
* PHP Programming
* PHP Programming
* Learning to program in PHP
Also available on on site courses for larger groups
Books covering this topic
Yes. We have over 700 books in our library. Books
covering PHP are listed here and when you've selected a
relevant book we'll link you on to Amazon to order.
Other Examples
This example comes from our "Security in PHP" training module. You'll find a description of the topic and some
other closely related examples on the "Security in PHP" module index page.
Full description of the source code
You can learn more about this example on the training courses listed on this page,
on which you'll be given a full set of training notes.
Many other training modules are available for download (for limited use) from our download centre under an Open Training Notes License.
Many other training modules are available for download (for limited use) from our download centre under an Open Training Notes License.
Other resources
• Our Solutions centre provides a number of longer technical articles.
• Our Opentalk forum archive provides a question and answer centre.
• The Horse's mouth provides a daily tip or thought.
• Further resources are available via the resources centre.
• All of these resources can be searched through through our search engine
• And there's a global index here.
• Our Opentalk forum archive provides a question and answer centre.
• The Horse's mouth provides a daily tip or thought.
• Further resources are available via the resources centre.
• All of these resources can be searched through through our search engine
• And there's a global index here.
Purpose of this website
This is a sample program, class demonstration or answer from a
training course. It's main purpose
is to provide an after-course service to customers who have attended our
public private or
on site courses, but the examples are made
generally available under conditions described below.
Web site author
Conditions of use
Past attendees on our training courses are welcome to use individual
examples in the course of their programming, but must check
the examples they use to ensure that they are suitable for their
job. Remember that some of our examples show you how not to do
things - check in your notes. Well House Consultants take no responsibility
for the suitability of these example programs to customer's needs.
This program is copyright Well House Consultants Ltd. You are forbidden from using it for running your own training courses without our prior written permission. See our page on courseware provision for more details.
Any of our images within this code may NOT be reused on a public URL without our prior permission. For Bona Fide personal use, we will often grant you permission provided that you provide a link back. Commercial use on a website will incur a license fee for each image used - details on request.
This program is copyright Well House Consultants Ltd. You are forbidden from using it for running your own training courses without our prior written permission. See our page on courseware provision for more details.
Any of our images within this code may NOT be reused on a public URL without our prior permission. For Bona Fide personal use, we will often grant you permission provided that you provide a link back. Commercial use on a website will incur a license fee for each image used - details on request.
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho
PAGE: http://www.wellho.net/resources/ex.php4 • PAGE BUILT: Sun Oct 11 14:50:09 2020 • BUILD SYSTEM: JelliaJamb