-
Notifications
You must be signed in to change notification settings - Fork 2
/
INJECTION
31 lines (22 loc) · 1.13 KB
/
INJECTION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Common injection attacks:
1. SQL: Uncleaned input with 's in it.
* integer get cast to ints first!
* _GET, _POST, _REQUEST, etc are already \ed.
if get_magic_quotes_gpc() is true
* add an sql_escape() function ...
2. HTML: cross-site scripting attacks
* Prevent output of < and > from selected/unknown strings.
Refusing to output the input if it contains < and >,
Use htmlspecialchars() to replace
3. PHP: include injection attacks
* register_globals on allows roots to be set in URLs. BAD.
* allow_url_fopen .. allows URLs to be accessed as files ?
* null byte injection in paths (uploads etc):
http://example.com/db/dbal.php?root_path=/path/to/image.jpg%00
That is also known as null byte injection. To better understand how
that works, try to append a chr(0) . 'asdfasdfasdf' to an include
that does work and you.ll see that it works just the same.
Allows root to be set and code to be executed after '%00'
Uploaded files shouldn't have code that can be executed,
needs to get a random name immediately ..
4. PHP: serialize() injection