NOTE HACKING TOOL SKILL LINUX

1 SQL INJECTION SQLMAP

Trường hợp nhập email và password không chính xác:

Thêm một ký tự nháy đơn (') vào cuối password, ví dụ: password'


Câu SQL mà ứng dụng thực thi phía sau hậu trường:
-- Statement the application builds when the password typed is: password'
-- The trailing quote from the input is concatenated straight into the SQL text,
-- leaving an unbalanced string literal (a syntax error). That error is the
-- tell-tale sign that user input is spliced into the query unparameterized.
SELECT *
FROM users
-- (the address below is an extraction/obfuscation artifact standing in for a real email)
WHERE email = '[email protected]'
AND password = 'password''
Dấu nháy đơn thừa làm câu SQL bị lỗi cú pháp — dấu hiệu cho thấy dữ liệu nhập được ghép thẳng vào câu lệnh, tức là ứng dụng có lỗ hổng SQL injection. Kẻ tấn công khai thác bằng cách nhập password là: ' or 1=1 --

-- Statement produced when the password typed is:  ' or 1=1 --
-- The injected quote closes the (now empty) password literal, "or 1=1" makes
-- the predicate true for every row, and "--" comments out the rest of the line
-- including the application's own closing quote. The login therefore succeeds
-- as the first user the database returns, without any valid credentials.
SELECT *
FROM users
WHERE email = '[email protected]'
AND password = ''or 1=1 --'  (the application's own closing quote now sits inside the comment)
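// Connect to the database.
Connection conn = DriverManager.getConnection(URL, USER, PASS);

// Construct the SQL statement we want to run, specifying the parameter with a
// '?' placeholder. The user-supplied value is never part of the SQL text, so it
// cannot change the statement's structure.
String sql = "SELECT * FROM users WHERE email = ?";

// Generate a prepared statement with the placeholder parameter.
PreparedStatement stmt = conn.prepareStatement(sql);

// Bind email value into the statement at parameter index 1 (JDBC indices are 1-based).
stmt.setString(1, email);

// Run the query. Use the no-argument overload: PreparedStatement.executeQuery(String)
// is forbidden by the JDBC spec and throws SQLException at runtime, so the
// original call executeQuery(sql) would have made this "safe" example fail.
ResultSet results = stmt.executeQuery();

// NOTE(review): conn, stmt and results are never closed in this snippet; real
// code should use try-with-resources (or close them in a finally block) so a
// failure here does not leak the connection.
while (results.next())
{
// ...do something with the data returned.
}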
So sánh với cách ghép chuỗi SQL thủ công dưới đây — cách này rất, rất nguy hiểm:
// VULNERABLE -- teaching example, do not copy.
// The user we want to find. Imagine this value arrived straight from a login form.
// (The address is an extraction/obfuscation artifact standing in for a real email.)
String email = "[email protected]";

// Connect to the database.
Connection conn = DriverManager.getConnection(URL, USER, PASS);
// A plain Statement has no parameter binding at all.
Statement stmt = conn.createStatement();

// Bad, bad news! Don't construct the query with string concatenation:
// the input becomes part of the SQL text, so a value such as
//   ' or 1=1 --
// rewrites the WHERE clause instead of being compared against the column.
String sql = "SELECT * FROM users WHERE email = '" + email + "'";

// I have a bad feeling about this... the database now executes whatever the
// attacker typed into the form.
ResultSet results = stmt.executeQuery(sql);

while (results.next()) {
// ...oh look, we got hacked.
}

# Returns the user whose email address matches +email+.
#
# 'User' is an Active Record model; find_by_email is one of the dynamic
# finders Rails generates, and it binds +email+ as a query parameter rather
# than splicing it into the SQL text.
def current_user(email)
  matching_user = User.find_by_email(email)
  matching_user
end

# VULNERABLE -- teaching example, do not copy.
def current_user(email)
  # This code would be vulnerable to a maliciously crafted email parameter:
  # the value is concatenated into the SQL fragment, so an input such as
  #   ' or 1=1 --
  # turns the condition into  email = '' or 1=1 --'  and matches every row.
  # Use the hash form User.where(email: email) or a placeholder
  # User.where("email = ?", email) instead.
  User.where("email = '" + email + "'")
end
# VULNERABLE -- teaching example, do not copy.
def current_user(id)
  # Concatenating id into the SQL text lets a crafted id (e.g. "1 or 1=1")
  # rewrite the condition. Note also that String#+ requires a String, so this
  # raises TypeError for an Integer id -- a second sign the value is being
  # handled as text rather than as a bound parameter. Prefer User.where(id: id).
  User.where("id = " + id)
end
Mẫu mã
Các mẫu mã dưới đây minh họa cách làm đúng (tham số hóa truy vấn, để driver/ORM ràng buộc giá trị) và cách làm sai (ghép chuỗi) khi phòng chống SQL injection.
Node.js
node-sql
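var sql = require('sql');

// Table definition node-sql needs before it can build queries. The original
// snippet omitted it; the table and column names come from the queries on this
// page -- NOTE(review): mirror the real schema here.
var user = sql.define({
  name: 'users',
  columns: ['email']
});

// Queries are constructed as parameterized by default: `email` ends up in
// query.values as a bound value, never inside query.text.
// (The original had an unbalanced ')' after user.star(), which is a syntax error.)
var query = user.select(user.star())
  .from(user)
  .where(
    user.email.equals(email)
  ).toQuery();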
mysql
var mysql = require('mysql');

// Open a connection with credentials supplied by the surrounding code.
var connection = mysql.createConnection({
  host: HOST,
  user: USERNAME,
  password: PASSWORD
});

connection.connect();

// Keep the SQL text and the user-supplied value apart: the driver substitutes
// the '?' placeholder itself. NOTE(review): the mysql package does this by
// escaping client-side (connection.escape), not via server-side prepared
// statements -- still safe against injection as long as the value is passed
// in the params array and never concatenated into the string.
var lookupSql = 'select * from users where email = ?';
var lookupParams = [email];

connection.query(lookupSql, lookupParams, function (err, rows, fields) {
  // Do something with the retrieved data.
});

// end() is documented to let already-queued queries finish before closing.
connection.end();
pg (node-postgres)
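var pg = require('pg');

// NOTE(review): credentials embedded in the connection string end up in source
// control and logs; load them from the environment or a secrets store instead.
var connection = "postgres://username:password@localhost/database";

var client = new pg.Client(connection);

client.connect(function(err) {
  // NOTE(review): `err` is not handled here (as in the original); real code
  // should stop if the connection failed.

  // Query and parameters passed separately. node-postgres uses numbered
  // placeholders ($1, $2, ...), NOT '?': the driver does not rewrite '?', so
  // the original text reached PostgreSQL unchanged and failed with a syntax
  // error -- the "safe" example never actually ran.
  client.query(
    'select * from users where email = $1',
    [email],
    function(err, result) {
      // Do something with the retrieved data.

      // Close the connection once the query has finished. The original called
      // client.end() synchronously right after connect(), i.e. before this
      // callback could run.
      client.end();
    });
});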
Python
DB-API 2.0

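# SQL and parameter are sent off separately to the database driver, which binds
# (or escapes) the value itself -- the value can never alter the statement.
#
# DB-API 2.0 requires the parameters argument to be a sequence (or mapping),
# so a single value must be wrapped in a one-element tuple. The original passed
# the bare string, which drivers such as sqlite3 treat as a sequence of
# characters ("Incorrect number of bindings supplied").
#
# NOTE(review): the placeholder token depends on the driver's paramstyle:
# '?' for qmark drivers (sqlite3, pyodbc), '%s' for format drivers
# (psycopg2, MySQLdb). Check `module.paramstyle` for the driver in use.
cursor.execute("select user_id, user_name from users where email = ?",
               (email,))

for row in cursor.fetchall():
    print row.user_id, row.user_name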
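# VULNERABLE -- teaching example, do not copy.
# String formatting splices the raw value into the SQL text, so an email such as
#   ' or 1=1 --
# rewrites the WHERE clause before the driver ever sees the statement.
# (The literal below was split across two lines by the page extraction,
# leaving an unterminated string; it is one string.)
# The safe form passes the value separately:
#   cursor.execute("select user_id, user_name from users where email = ?", (email,))
cursor.execute("select user_id, user_name from users where email = '%s'" % email)

for row in cursor.fetchall():
    print row.user_id, row.user_name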
Django
# Fetch a user using native ORM syntax, good: the ORM binds `email` as a query
# parameter.
Users.objects.filter(email=email)
# Fetch a user using raw SQL, also safe: `%s` is Django's own placeholder for
# raw() (independent of the driver's paramstyle) and the value travels in the
# params list, not in the SQL text.
Users.objects.raw("select * from users where email = %s", [email])
# VULNERABLE -- liable to get hacked: Python's % operator formats the value into
# the SQL text *before* Django sees it, so the quotes can be broken out of.
Users.objects.raw("select * from users where email = '%s'" % email)
Ruby
Active Record
# Looks up the user record for +email+ (Active Record).
#
# The dynamic finder binds +email+ as a query parameter, so a crafted
# address cannot change the generated SQL.
def current_user(email)
  found = User.find_by_email(email)
  found
end
# VULNERABLE -- teaching example, do not copy.
def current_user(email)
  # The value is concatenated into the SQL fragment, so an input such as
  #   ' or 1=1 --
  # turns the condition into  email = '' or 1=1 --'  and matches every row.
  # Use User.where(email: email) or User.where("email = ?", email) instead.
  User.where("email = '" + email + "'")
end
Sequel
# Looks up the user record for +email+ (Sequel).
#
# Hash conditions are rendered by Sequel as a properly escaped literal, so the
# value cannot change the query's structure.
def current_user(email)
  User.where(email: email)
end
# VULNERABLE -- teaching example, do not copy.
def current_user(email)
  # Interpolates the raw request parameter into the SQL text (and ignores the
  # method's own `email` argument), with no quoting at all: whatever is in
  # params[:email] becomes SQL. Use User.where(email: email) instead.
  User.where("email = #{params[:email]}")
end
Java
JDBC
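// Connect to the database.
Connection conn = DriverManager.getConnection(URL, USER, PASS);

// Construct the SQL statement we want to run, specifying the parameter with a
// '?' placeholder. The user-supplied value is never part of the SQL text, so it
// cannot change the statement's structure.
String sql = "SELECT * FROM users WHERE email = ?";

// Generate a prepared statement with the placeholder parameter.
PreparedStatement stmt = conn.prepareStatement(sql);

// Bind email value into the statement at parameter index 1 (JDBC indices are 1-based).
stmt.setString(1, email);

// Run the query. Use the no-argument overload: PreparedStatement.executeQuery(String)
// is forbidden by the JDBC spec and throws SQLException at runtime, so the
// original call executeQuery(sql) would have made this "safe" example fail.
ResultSet results = stmt.executeQuery();

// NOTE(review): conn, stmt and results are never closed in this snippet; real
// code should use try-with-resources (or close them in a finally block) so a
// failure here does not leak the connection.
while (results.next())
{
// ...do something with the data returned.
}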
// VULNERABLE -- teaching example, do not copy.
// The user we want to find. Imagine this value arrived straight from a login form.
// (The address is an extraction/obfuscation artifact standing in for a real email.)
String email = "[email protected]";

// Connect to the database.
Connection conn = DriverManager.getConnection(URL, USER, PASS);
// A plain Statement has no parameter binding at all.
Statement stmt = conn.createStatement();
// Bad, bad news! Don't construct the query with string concatenation:
// the input becomes part of the SQL text, so a value such as
//   ' or 1=1 --
// rewrites the WHERE clause instead of being compared against the column.
String sql = "SELECT * FROM users WHERE email = '" + email + "'";

// I have a bad feeling about this... the database now executes whatever the
// attacker typed into the form.
ResultSet results = stmt.executeQuery(sql);

while (results.next()) {
// ...oh look, we got hacked.
}
Hibernate
/**
 * Minimal JPA/Hibernate entity for the users table.
 *
 * {@code email} is marked as a natural id so it can be looked up through the
 * session's natural-id API (session.bySimpleNaturalId) instead of hand-written
 * SQL; the ORM then binds the value as a parameter.
 */
@Entity
public class User {
    // Surrogate primary key generated by the persistence provider.
    @Id
    @GeneratedValue
    Long id;

    // Business key used for lookups; @NaturalId lets Hibernate query by it.
    @NaturalId
    String email;
}

// ORM will ensure safe passing of the 'email' parameter: the natural-id lookup
// is built by Hibernate with a bound parameter, so no user input reaches the
// SQL text. (Returns null when no user has that email.)
return session.bySimpleNaturalId(User.class).load(email);
Spring
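/**
 * Looks up the user whose email matches {@code email}.
 *
 * The SQL text contains only a '?' placeholder; JdbcTemplate binds the value
 * as a statement parameter, so untrusted input cannot alter the query.
 *
 * NOTE(review): the original declared a {@code Customer} return type while
 * casting to and returning a {@code User}, which does not compile unless
 * User extends Customer; the return type is made {@code User} here to match
 * the body -- confirm against the real model.
 *
 * @param email address to search for
 * @return the matching user
 * @throws org.springframework.dao.EmptyResultDataAccessException if no row
 *         matches (queryForObject expects exactly one result); callers must
 *         handle the "unknown email" case rather than let it propagate
 */
public User findUserByEmail(String email) {
    String sql = "select * from users where email = ?";

    User user = (User) getJdbcTemplate().queryForObject(
        sql,                     // SQL statement...
        new Object[] { email },  // ...separate from parameters.
        new UserRowMapper());

    return user;
}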
C#
SqlClient
// Create the SQL command.
SqlCommand command = new SqlCommand("select * from Users where
email = @email", conn);

// Add the parameter values in separately.


command.Parameters.Add(new SqlParameter("email", email);

using (SqlDataReader reader = command.ExecuteReader())


{
while (reader.Read())
{
// Do something with the retrieved data.
}
}
LINQ
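using (ServiceContext ctx = new ServiceContext(...))
{
    // LINQ will ensure safe passing of parameters: the query provider turns
    // `email` into a bound parameter instead of splicing it into the SQL.
    // Note: `equals` is only valid inside a join clause; a comparison in a
    // where clause must use the == operator, otherwise this does not compile.
    var users = from user in ctx.Users
                where user.email == email
                select user;

    foreach (var user in users)
    {
        // Do something with the retrieved data
    }
}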
PHP
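// Prepared statement: the '?' placeholder is bound by PDO, so the value in
// $email is never interpolated into the SQL text.
$statement = $dbh->prepare("select * from users where email = ?");
// The original passed the bare word `email` (an undefined constant, a fatal
// error on PHP 8); the variable holding the user input is $email.
// NOTE(review): with PDO's default emulated prepares (e.g. on MySQL) the value
// is quoted client-side rather than bound server-side -- still safe against
// injection, but set PDO::ATTR_EMULATE_PREPARES to false to get real
// server-side binding where the driver supports it.
$statement->execute(array($email));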

Cross-Site Scripting

Bằng cách đặt Content Security Policy (CSP) trong header của phản hồi HTTP, bạn có thể
yêu cầu trình duyệt không bao giờ thực thi JavaScript nội tuyến và giới hạn những miền
được phép cung cấp JavaScript cho trang:
Content-Security-Policy: script-src 'self' https://apis.google.com
Khi liệt kê các nguồn được phép tải script như trên (và không thêm 'unsafe-inline'), bạn
ngầm tuyên bố rằng JavaScript nội tuyến không được phép; thêm 'unsafe-inline' sẽ làm mất phần lớn tác dụng chống XSS của chính sách.
Content Security Policy cũng có thể được đặt trong thẻ <meta> nằm trong phần tử <head> của trang.
Lưu ý: một số chỉ thị (frame-ancestors, report-uri, sandbox) chỉ có hiệu lực khi gửi qua header HTTP và bị bỏ qua trong thẻ <meta>:
<meta http-equiv="Content-Security-Policy"
content="script-src 'self' https://apis.google.com">
