  • Common Web Attacks

    I. SQL Injection

      1. What SQL injection can do

    • Read, alter or delete data in the database without authorization
    • Steal users' sensitive information (credentials, personal data) for profit
    • Change what the site displays by modifying the database content pages are rendered from
    • Plant malware such as a web shell, where the database account has enough privilege to write files

    2. Example

    MYSQLDB
    	# Deliberately vulnerable login: the submitted username is pasted straight
    	# into the SQL text. Submitting the username
    	#     ' OR 1=1 -- 
    	# (note the trailing space after --, which MySQL requires for a comment)
    	# turns the WHERE clause into  email='' OR 1=1 -- ' and password='...'
    	# which is always true; the -- comments out the password check entirely.
    	username = request.POST.get('username')
    	password = request.POST.get('password')
    	import MySQLdb
    	conn = MySQLdb.connect(host='127.0.0.1', user='root', db='mxonline', password='0000')
    	cursor = conn.cursor()
    	sql_select = "select * from users_userprofile where email='{0}' and password='{1}'".format(username, password)
    
    	result = cursor.execute(sql_select)
    	for row in cursor.fetchall():
    		# with the payload above this loop walks every user in the table
    		print(row)
    

      3. Prevention

    mysqldb
    	import MySQLdb
    	db = MySQLdb.connect(host='127.0.0.1', user='root', db='mxonline', password='0000')
    	c = db.cursor()
    	max_price = 5
    	# %s here is a driver placeholder, not Python string formatting: the value
    	# is escaped by MySQLdb and can never change the structure of the statement
    	c.execute("""SELECT spam, eggs, sausage FROM breakfast
    			  WHERE price < %s""", [max_price])
    			  
    sqlalchemy
    	from sqlalchemy.orm import sessionmaker
    	from sqlalchemy import create_engine
    	from sqlalchemy.orm import scoped_session
    	from sqlalchemy.sql import text
    	from models import Student, Course, Student2Course  # project models, not used below
    
    	engine = create_engine(
    			"mysql+pymysql://root:123456@127.0.0.1:3306/s9day120?charset=utf8",
    			max_overflow=0,  # connections that may be opened beyond pool_size
    			pool_size=5,  # connection pool size
    			pool_timeout=30,  # seconds to wait for a free connection before raising
    			pool_recycle=-1  # seconds after which a pooled connection is recycled (-1 = never)
    		)
    	SessionFactory = sessionmaker(bind=engine)
    	session = scoped_session(SessionFactory)
    	
    	# :value is a bound parameter; the value is sent separately from the SQL text
    	# (SQLAlchemy 1.x accepts a plain string here; 2.x requires wrapping it in text())
    	cursor = session.execute('INSERT INTO users(name) VALUES(:value)', params={"value": 'zhangyafei'})
    	session.commit()
    	print(cursor.lastrowid)
    	
    	t = text("select * from test where id= :tid")
    	conn = engine.connect()
    	conn.execute(t, tid=1).fetchall()
    	
    flask-sqlalchemy
    	from flask import Flask, jsonify
    	from flask_sqlalchemy import SQLAlchemy
    
    	app = Flask(__name__)
    	app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://root:123456@127.0.0.1:3306/s9day120?charset=utf8'
    	db = SQLAlchemy(app)
    
    	@app.route('/')
    	def index():
    		# take the connection inside the request, not at import time
    		conn = db.session.connection()
    		# %s placeholder is filled by the DBAPI driver; the value is passed separately
    		rv = conn.execute('select * from test where id = %s', [1])
    		return jsonify([list(row) for row in rv.fetchall()])
    		
    pymysql
    	import pymysql
    	def connect(cursor_type):
    		conn = pymysql.connect(host='127.0.0.1', user='root', password='0000', db='mxonline', charset='utf8')
    		return conn, conn.cursor(cursor_type)
    	def connect_close(conn, cursor):
    		cursor.close()
    		conn.close()
    	def fetchall(sql, arg=(), type=pymysql.cursors.DictCursor):
    		conn, cursor = connect(type)
    		cursor.execute(sql, arg)  # values in arg are escaped by the driver, never formatted into sql
    		data = cursor.fetchall()
    		connect_close(conn, cursor)
    		return data
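    To see the formatted query from section 2 and the parameterised calls above run end to end, here is an added example (not code from the original post): the same login query written both ways against a constructed in-memory SQLite table that stands in for users_userprofile. The sqlite3 module uses ? placeholders where MySQLdb and pymysql use %s; the binding behaviour is the same. The function names (make_db, login_vulnerable, login_safe, demo) and the sample rows are this example's own.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the users_userprofile table (two sample users)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users_userprofile (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users_userprofile (email, password) VALUES (?, ?)",
        [("alice@example.com", "alice-pw"), ("bob@example.com", "bob-pw")],
    )
    return conn


def login_vulnerable(conn, email, password):
    """The post's pattern: user input formatted straight into the SQL text."""
    sql = "select * from users_userprofile where email='{0}' and password='{1}'".format(
        email, password
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, email, password):
    """Parameterised: the driver binds the values, so quotes in input stay data."""
    sql = "select * from users_userprofile where email=? and password=?"
    return conn.execute(sql, (email, password)).fetchall()


def demo():
    """Run both versions with the tautology payload and with real credentials."""
    conn = make_db()
    # closes the email literal, makes the predicate true, comments out the rest
    payload = "' OR 1=1 -- "
    results = {
        "vuln_payload": len(login_vulnerable(conn, payload, "anything")),
        "safe_payload": len(login_safe(conn, payload, "anything")),
        "safe_valid": len(login_safe(conn, "alice@example.com", "alice-pw")),
    }
    conn.close()
    return results


if __name__ == "__main__":
    print(demo())  # {'vuln_payload': 2, 'safe_payload': 0, 'safe_valid': 1}
```

    The vulnerable version returns every row for the payload because the single quote ends the email literal, OR 1=1 makes the predicate true, and -- comments out the password check; the parameterised version receives the payload as an ordinary string and matches nothing. Independently of injection, the schema the post shows stores passwords in plaintext; real code fetches the row by email and compares a password hash in application code.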
    

    II. XSS Attacks

      1. What XSS (Cross Site Scripting) can do

    • Steal user accounts of every kind, such as online banking and administrator accounts (typically by exfiltrating the session cookie or captured credentials)
    • Steal confidential, commercially valuable company data
    • Make unauthorized transfers on the victim's behalf
    • Use the victim's browser to attack other sites, deliver malware, and so on

      2. XSS prevention

    • Check every place user input enters the code: validate lengths, and treat characters such as "<", ">", '"' and "'" as data by escaping them for the context they are output into (HTML body, attribute, URL); filtering them on input alone is easy to bypass
    • Do not put private data such as e-mail addresses or passwords in cookies; binding the session cookie to the client IP limits what an attacker can do with a stolen cookie (marking it HttpOnly keeps script from reading it in the first place)
    • Prefer POST over GET for form submission, so parameters do not end up in URLs, logs and Referer headers (this reduces exposure but is not by itself an XSS defense)

      3. XSS filter code

    #!/usr/bin/env python
    # -*- coding:utf-8 -*-
    from bs4 import BeautifulSoup
    
    
    class XSSFilter(object):
        __instance = None
    
        def __init__(self):
            # XSS whitelist: tags allowed through and, for each, the attributes kept
            self.valid_tags = {
                "font": ['color', 'size', 'face', 'style'],
                'b': [],
                'div': [],
                "span": [],
                "table": [
                    'border', 'cellspacing', 'cellpadding'
                ],
                'th': [
                    'colspan', 'rowspan'
                ],
                'td': [
                    'colspan', 'rowspan'
                ],
                "a": ['href', 'target', 'name'],
                "img": ['src', 'alt', 'title'],
                'p': [
                    'align'
                ],
                "pre": ['class'],
                "hr": ['class'],
                'strong': []
            }
    
        def __new__(cls, *args, **kwargs):
            """
            Singleton: every XSSFilter() call returns the same instance
            """
            if not cls.__instance:
                # object.__new__ takes no extra arguments in Python 3
                cls.__instance = object.__new__(cls)
            return cls.__instance
    
        def process(self, content):
            soup = BeautifulSoup(content, 'html.parser')
            # walk every tag in the fragment
            for tag in soup.find_all(recursive=True):
                # tag not in the whitelist: render it without its own open/close tags and,
                # except for the html/body wrappers, discard its children too, so the body
                # of <script>, <style> or <iframe> is dropped instead of being kept as text
                if tag.name not in self.valid_tags:
                    tag.hidden = True
                    if tag.name not in ['html', 'body']:
                        tag.clear()
                    continue
                # strip every attribute that is not whitelisted for this tag
                attr_rules = self.valid_tags[tag.name]
                for key in list(tag.attrs.keys()):
                    if key not in attr_rules:
                        del tag[key]
                # caveat: attribute values are not inspected, so a whitelisted <a> still
                # passes href="javascript:..."; check URL schemes before relying on this

            return soup.decode()
    
    
    if __name__ == '__main__':
        html = """<p class="title">
                            <b>The Dormouse's story</b>
                        </p>
                        <p class="story">
                            <div name='root'>
                                Once upon a time there were three little sisters; and their names were
                                <a href="http://example.com/elsie" class="sister c1" style='color:red;background-color:green;' id="link1"><!-- Elsie --></a>
                                <a href="http://example.com/lacie" class="sister" id="link2">Lacie</a> and
                                <a href="http://example.com/tillie" class="sister" id="link3">Tilffffffffffffflie</a>;
                                and they lived at the bottom of a well.
                                <script>alert(123)</script>
                            </div>
                        </p>
                        <p class="story">...</p>"""
    
        obj = XSSFilter()
        v = obj.process(html)
        print(v)
    xss.py
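    The filter above keeps href and src values untouched, so a whitelisted <a> with href="javascript:alert(1)" passes through it. As an added example (not code from the original post), here is a stand-alone whitelist sanitizer built on the standard library's html.parser instead of BeautifulSoup: it drops unknown tags, drops script/style/iframe together with their contents, strips non-whitelisted attributes, rejects URL attributes whose scheme is not http, https, mailto or relative, and re-escapes text nodes. The tag and attribute names mirror a subset of the post's whitelist; the class and function names (WhitelistSanitizer, safe_url, sanitize) and the sample inputs are this example's own.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subset of the post's whitelist: tag -> attributes that survive.
ALLOWED_TAGS = {
    "b": set(), "strong": set(), "span": set(), "div": set(),
    "p": {"align"}, "pre": {"class"}, "hr": {"class"},
    "a": {"href", "target", "name"},
    "img": {"src", "alt", "title"},
}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}   # "" = relative URL
VOID_TAGS = {"img", "hr", "br"}
DROP_WITH_CONTENT = {"script", "style", "iframe"}  # the tag and its body both go


def safe_url(value):
    """True if the URL's scheme is allowed. Control characters are removed first so
    tricks like "java\tscript:" or a leading newline cannot hide the scheme."""
    cleaned = "".join(ch for ch in value if ch.isprintable()).strip()
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class WhitelistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return            # unknown tag: drop the tag, keep its (escaped) text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue      # onclick, style, id, class on <a> ... never allowed
            if name in URL_ATTRS and not safe_url(value):
                continue      # href="javascript:..." or src="data:..." dropped
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text nodes are re-escaped on output, so a "<" typed by a user stays literal.
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass                  # comments are dropped entirely


def sanitize(fragment):
    """Return a version of `fragment` containing only whitelisted markup."""
    parser = WhitelistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed samples, including the payloads the bs4 filter above lets through.
    for sample in [
        "<b>The Dormouse's story</b><script>alert(123)</script>",
        '<a href="javascript:alert(1)" onclick="steal()">Elsie</a>',
        '<img src="data:text/html;base64,PHNjcmlwdD4=" alt="pic">',
        '<a href="http://example.com/?a=1&b=2" class="sister">Lacie</a>',
    ]:
        print(sanitize(sample))
```

    A sanitizer like this is only for the case where users are allowed to submit HTML (rich-text comments, editors). For ordinary text fields the right tool is plain escaping at output time, which is what handle_data does here with html.escape; the whitelist adds risk and should be as short as the feature allows.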

    III. CSRF Attacks

      1. What CSRF (Cross-site request forgery) can do

    • Send e-mail in your name
    • Take over your account (for example by changing its e-mail address or password)
    • Buy goods with your account
    • Transfer virtual currency out of your account

      2. Prevention

    • Add a CSRF token: the server issues an unguessable token bound to the session, embeds it in every state-changing form, and rejects any request whose token does not match; a page on another origin can make the victim's browser send the request (with cookies attached) but cannot read the token, so the forged request fails
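    To show what "add a CSRF token" means in code, here is an added example (not code from the original post) using only the standard library: a session-bound token generated with secrets, embedded in the form as a hidden field, and checked with a constant-time comparison before the state-changing action runs. The dict-based session, the /transfer handler and the function names (issue_csrf_token, verify_csrf_token, render_transfer_form, handle_transfer, demo) are this example's stand-ins for a real framework's session store and views.

```python
import hmac
import html
import secrets

SESSION_KEY = "csrf_token"


def issue_csrf_token(session):
    """Return the session's CSRF token, generating it on first use.
    `session` is any mutable mapping kept server-side (or in a signed cookie)."""
    token = session.get(SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        session[SESSION_KEY] = token
    return token


def verify_csrf_token(session, submitted):
    """Constant-time comparison of the submitted token against the session's."""
    expected = session.get(SESSION_KEY)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def render_transfer_form(session):
    """Embed the token as a hidden field; a page on another origin cannot read it."""
    token = html.escape(issue_csrf_token(session), quote=True)
    return ('<form method="post" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="to"><input name="amount"><button>Send</button></form>' % token)


def handle_transfer(session, form):
    """State-changing handler, returns (status, message). Checks the token first."""
    if not verify_csrf_token(session, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, "transferred %s to %s" % (form["amount"], form["to"])


def demo():
    """Legitimate submission vs. a request forged from an attacker's page."""
    victim_session = {}                      # constructed stand-in for the session store
    render_transfer_form(victim_session)     # the real form page hands the token out
    legit = {"to": "alice", "amount": "10",
             "csrf_token": victim_session[SESSION_KEY]}
    # The forged form arrives with the victim's cookies (the browser attaches them)
    # but without the token, because the attacker's origin cannot read the victim's page.
    forged = {"to": "attacker", "amount": "1000"}
    # Guessing is hopeless at 256 bits of entropy.
    guessed = dict(forged, csrf_token=secrets.token_urlsafe(32))
    return (handle_transfer(victim_session, legit)[0],
            handle_transfer(victim_session, forged)[0],
            handle_transfer(victim_session, guessed)[0])


if __name__ == "__main__":
    print(demo())   # (200, 403, 403)
```

    The token must travel in the request body or a custom header, never in a GET URL where it would leak through logs and Referer headers. Setting the session cookie's SameSite attribute to Lax or Strict is a complementary browser-side control that stops most cross-site POSTs before they reach the handler, but the token check is what the server can rely on.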
  • Original article: https://www.cnblogs.com/zhangyafei/p/10504533.html