보안

https://opentutorials.org/module/1514/9471

index.php

@@ -10,19 +10,19 @@
   <link rel="stylesheet" type="text/css" href="http://localhost/style.css">
 </head>
 <body id="target">
-    <header>
+	<header>
     <img src="https://s3-ap-northeast-1.amazonaws.com/opentutorialsfile/course/94.png" alt="생활코딩">
-        <h1><a href="http://localhost/index.php">JavaScript</a></h1>
+		<h1><a href="http://localhost/index.php">JavaScript</a></h1>
   </header>
-    <nav>
-        <ol>
+	<nav>
+		<ol>
     <?php
     while( $row = mysqli_fetch_assoc($result)){
-      echo '<li><a href="http://localhost/index.php?id='.$row['id'].'">'.$row['title'].'</a></li>'."\n";
+      echo '<li><a href="http://localhost/index.php?id='.$row['id'].'">'.htmlspecialchars($row['title']).'</a></li>'."\n";
     }
     ?>
-        </ol>
-    </nav>
+		</ ol>
+	</nav>
   <div id="control">
     <input type="button" value="white" onclick="document.getElementById('target').className='white'"/>
     <input type="button" value="black" onclick="document.getElementById('target').className='black'" />
@@ -34,9 +34,9 @@
       $sql = "SELECT topic.id,title,name,description FROM topic LEFT JOIN user ON topic.author = user.id WHERE topic.id=".$_GET['id'];
       $result = mysqli_query($conn, $sql);
       $row = mysqli_fetch_assoc($result);
-      echo '<h2>'.$row['title'].'</h2>';
-      echo '<p>'.$row['name'].'</p>';
-      echo $row['description'];
+      echo '<h2>'.htmlspecialchars($row['title']).'</h2>';
+      echo '<p>'.htmlspecialchars($row['name']).'</p>';
+      echo strip_tags($row['description'], '<a><h1><h2><h3><h4><h5><ul><ol><li>');
   }
   ?>
   </article>

php/5.php

@@ -0,0 +1,10 @@
+<html>
+  <head>
+    <title></title>
+  </head>
+  <body>
+    <?php
+       echo htmlspecialchars('<script>alert(1);</script>');
+    ?>
+  </body>
+</html>

phpjs/14.php

@@ -0,0 +1,24 @@
+<?php
+$conn = mysqli_connect("localhost", "root", 111111);
+mysqli_select_db($conn, "opentutorials");
+$name = mysqli_real_escape_string($conn, $_GET['name']);
+$password = mysqli_real_escape_string($conn, $_GET['password']);
+$sql = "SELECT * FROM user WHERE name='".$name."' AND password='".$password."'";
+echo $sql;
+$result = mysqli_query($conn, $sql);
+?>
+<!DOCTYPE html>
+<html>
+<head>
+     <meta charset="utf-8">
+</head>
+<body>
+  <?php
+  if($result->num_rows == "0"){
+    echo "뉘신지?";
+  } else {
+    echo "안녕하세요. 주인님";
+  }
+  ?>
+</body>
+</html>

process.php

@@ -1,17 +1,22 @@
 <?php
 $conn = mysqli_connect("localhost", "root", 111111);
 mysqli_select_db($conn, "opentutorials");
-$sql = "SELECT * FROM user WHERE name='".$_POST['author']."'";
+
+$title = mysqli_real_escape_string($conn, $_POST['title']);
+$author = mysqli_real_escape_string($conn, $_POST['author']);
+$description = mysqli_real_escape_string($conn, $_POST['description']);
+
+$sql = "SELECT * FROM user WHERE name='".$author."'";
 $result  = mysqli_query($conn, $sql);
 if($result->num_rows == 0){
-  $sql = "INSERT INTO user (name, password) VALUES('".$_POST['author']."', '111111')";
+  $sql = "INSERT INTO user (name, password) VALUES('".$author."', '111111')";
   mysqli_query($conn, $sql);
   $user_id = mysqli_insert_id($conn);
 } else {
   $row = mysqli_fetch_assoc($result);
   $user_id = $row['id'];
 }
-$sql = "INSERT INTO topic (title,description,author,created) VALUES('".$_POST['title']."', '".$_POST['description']."', '".$user_id."', now())";
+$sql = "INSERT INTO topic (title,description,author,created) VALUES('".$title."', '".$description."', '".$user_id."', now())";
 $result = mysqli_query($conn, $sql);
 header('Location: http://localhost/index.php');
 ?>