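# --- MySQLdb ---
# Building the statement with str.format lets a crafted username rewrite
# it: a value that closes the quoted literal and appends an always-true
# condition (the page's example is username = '~ OR 1=1') makes the WHERE
# clause hold for every row, so the query returns all users.
# NOTE(review): `request` is not defined here — presumably the Django
# request object of the enclosing view.
username = request.POST.get('username')
password = request.POST.get('password')
import MySQLdb

# NOTE(review): root credentials are hard-coded; load them from
# configuration or a secret store instead.
conn = MySQLdb.connect(host='127.0.0.1', user='root', db='mxonline', password='0000')
cursor = conn.cursor()
try:
    # Parameterized query: the driver sends username/password as bound
    # values, so quotes and SQL keywords inside them stay data, not SQL.
    sql_select = "select * from users_userprofile where email=%s and password=%s"
    result = cursor.execute(sql_select, (username, password))
    # NOTE(review): comparing the submitted password verbatim in SQL implies
    # it is stored in plaintext; it should be hashed and verified in Python.
    for row in cursor.fetchall():
        pass  # loop body is not shown on the page
finally:
    # Release the cursor and connection even if the query fails.
    cursor.close()
    conn.close()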
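# --- mysqldb ---
# Parameterized form: the value travels separately from the statement and
# the driver escapes it, so it can never alter the SQL text.
c = db.cursor()
max_price = 5
c.execute("""SELECT spam, eggs, sausage FROM breakfast WHERE price < %s""", [max_price])

# --- sqlalchemy ---
from sqlalchemy.orm import sessionmaker
from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session
from models import Student, Course, Student2Course

engine = create_engine(
    # NOTE(review): credentials are hard-coded in the URL; read them from
    # configuration or a secret store instead.
    "mysql+pymysql://root:123456@127.0.0.1:3306/s9day120?charset=utf8",
    max_overflow=0,   # connections that may be opened beyond pool_size
    pool_size=5,      # size of the connection pool
    pool_timeout=30,  # seconds to wait for a free pooled connection before raising
    pool_recycle=-1   # seconds after which a pooled connection is recycled (reset); -1 = never
)
SessionFactory = sessionmaker(bind=engine)
session = scoped_session(SessionFactory)
# Named bound parameter (:value) instead of string formatting.
cursor = session.execute('INSERT INTO users(name) VALUES(:value)', params={"value": 'zhangyafei'})
session.commit()
print(cursor.lastrowid)

from sqlalchemy.sql import text
t = text("select * from test where id= :tid")
# NOTE(review): `conn` is not defined in this snippet — presumably a
# connection obtained from the engine earlier.
conn.execute(t, tid=1).fetchall()

# --- flask-sqlalchemy ---
db = SQLAlchemy(app)
# NOTE(review): a single connection checked out at import time is shared by
# every request; obtaining it inside the view (or using db.session) is the
# usual pattern — confirm intent.
conn = db.session.connection()


@app.route('/')
def index():
    rv = conn.execute('select * from test where id = %s', [1])
    # NOTE(review): `rv` is a result object rather than a list of rows; it
    # likely needs to be materialized before jsonify.
    return jsonify(rv)


# --- pymysql ---
def fetchall(sql, arg=None, type=pymysql.cursors.DictCursor):
    """Run *sql* with the bound parameters *arg* and return every row.

    Args:
        sql: statement using the driver's placeholders (``%s``); caller
            values must go through *arg*, never into the string itself.
        arg: sequence or mapping of parameter values; defaults to an
            empty list (``None`` here replaces the shared mutable default
            ``arg=list()`` of the original).
        type: cursor class handed to ``connect`` (shadows the builtin
            ``type``; kept for call-site compatibility).

    Returns:
        Whatever ``cursor.fetchall()`` yields for *type* (dicts for
        ``DictCursor``).
    """
    if arg is None:
        arg = []
    conn, cursor = connect(type)
    try:
        cursor.execute(sql, arg)
        data = cursor.fetchall()
    finally:
        # Release the connection even when execute/fetchall raises.
        connect_close(conn, cursor)
    return data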
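#!/usr/bin/env python
# -*- coding:utf-8 -*-
from urllib.parse import urlsplit

from bs4 import BeautifulSoup


class XSSFilter(object):
    """Allow-list HTML sanitizer built on BeautifulSoup.

    Tags not in ``valid_tags`` are dropped together with their content
    (``html``/``body`` are only unwrapped); attributes not listed for a
    kept tag are deleted; ``href``/``src`` values whose URL scheme is not
    in ``SAFE_URL_SCHEMES`` are deleted too, so a kept ``<a>``/``<img>``
    cannot carry a script-executing URL through the attribute allow-list.
    """

    __instance = None

    # Attributes whose value is a URL and therefore gets a scheme check.
    URL_ATTRS = frozenset(['href', 'src'])
    # Schemes a URL attribute may carry; scheme-less (relative) URLs are
    # always accepted.
    SAFE_URL_SCHEMES = frozenset(['http', 'https'])

    def __init__(self):
        # XSS allow-list: tag name -> attributes that may survive on it.
        self.valid_tags = {
            "font": ['color', 'size', 'face', 'style'],
            'b': [],
            'div': [],
            "span": [],
            "table": ['border', 'cellspacing', 'cellpadding'],
            'th': ['colspan', 'rowspan'],
            'td': ['colspan', 'rowspan'],
            "a": ['href', 'target', 'name'],
            "img": ['src', 'alt', 'title'],
            'p': ['align'],
            "pre": ['class'],
            "hr": ['class'],
            'strong': [],
        }

    def __new__(cls, *args, **kwargs):
        """Singleton: every call returns the same instance.

        ``object.__new__`` is called with ``cls`` only — forwarding
        ``*args``/``**kwargs`` raises TypeError once ``__new__`` is
        overridden, so the original form would break for any argument.
        Note that ``__init__`` still runs on every call and resets
        ``valid_tags``.
        """
        if not cls.__instance:
            cls.__instance = object.__new__(cls)
        return cls.__instance

    def _url_is_safe(self, value):
        """Return True when *value* is relative or uses a scheme in SAFE_URL_SCHEMES."""
        if not isinstance(value, str):
            return False
        # Browsers ignore embedded whitespace/control characters when they
        # parse the scheme, so strip them before inspecting it.
        compact = ''.join(value.split())
        try:
            scheme = urlsplit(compact).scheme
        except ValueError:
            return False
        return not scheme or scheme.lower() in self.SAFE_URL_SCHEMES

    def _strip_attrs(self, tag, allowed):
        """Delete every attribute of *tag* not in *allowed* or carrying an unsafe URL."""
        for key in list(tag.attrs):
            if key not in allowed:
                del tag[key]
            elif key in self.URL_ATTRS and not self._url_is_safe(tag[key]):
                del tag[key]

    def process(self, content):
        """Sanitize *content* and return the filtered HTML as a string."""
        soup = BeautifulSoup(content, 'html.parser')
        # find_all materializes its list before the tree is mutated, so
        # descendants of a cleared tag are still visited (harmlessly).
        for tag in soup.find_all(recursive=True):
            if tag.name not in self.valid_tags:
                # Not allow-listed: hide the tag itself; html/body are only
                # unwrapped, anything else loses its content as well.
                tag.hidden = True
                if tag.name not in ['html', 'body']:
                    tag.clear()
                continue
            self._strip_attrs(tag, self.valid_tags[tag.name])
        return soup.decode()


if __name__ == '__main__':
    html = """<p class="title">
<b>The Dormouse's story</b>
</p>
<p class="story">
<div name='root'>
Once upon a time there were three little sisters; and their names were
<a href="http://example.com/elsie" class="sister c1" style='color:red;background-color:green;' id="link1"><!-- Elsie --></a>
<a href="http://example.com/lacie" class="sister" id="link2">Lacie</a> and
<a href="http://example.com/tillie" class="sister" id="link3">Tilffffffffffffflie</a>;
and they lived at the bottom of a well.
<script>alert(123)</script>
</div>
</p>
<p class="story">...</p>"""
    obj = XSSFilter()
    v = obj.process(html)
    print(v)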
2. 防範html