Examples of vulnerable PHP code?


Question

Ok so me and a friend are doing a mini presentation on PHP security (I'm not really into PHP though) and he asked me to find some examples of vulnerable PHP code (one that is prone to SQL injections and all other types of attacks). I was wondering are there any websites with both good and bad pieces of code showing how you should and shouldn't code?

Basically I will put them into our website and he will try to hack it, then we will show the "proper" website and he will try to hack it again.

Recommended answer

SQL injection is easy:

$var = $_POST['var'];
mysql_query("SELECT * FROM sometable WHERE id = $var");

This is easily solved:

$var = mysql_real_escape_string($_POST['var']);

Another common one is XSS (cross-site scripting):

$var = $_POST['var'];
echo "<div>$var</div>\n";

allows you to inject JavaScript that is run from your site. There are several ways of dealing with this, for example:

$var = strip_tags($_POST['var']);

$var = filter_var($_POST['var'], FILTER_SANITIZE_STRING);
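
The same two snippets in hardened form, as an added example that is not part of the original answer: a bound PDO parameter replaces string interpolation (escaping alone does not protect an unquoted value such as `id = $var`, and the `mysql_*` functions were removed in PHP 7.0), and `htmlspecialchars()` encodes the value on output instead of stripping it on input. It assumes the `pdo_sqlite` extension is available; the in-memory table, the function names `findById` and `renderDiv`, and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the original answer). The table contents, the
// function names and the sample inputs are constructed for illustration.
declare(strict_types=1);

// In-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sometable (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO sometable (id, name) VALUES (1, 'alice'), (2, 'bob')");

/**
 * Look up rows by id with a bound parameter: the input travels as data
 * and is never parsed as part of the SQL text.
 */
function findById(PDO $pdo, string $input): array
{
    // Reject anything that is not a plain integer before touching the database.
    $id = filter_var($input, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, name FROM sometable WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encode a value for an HTML element body so markup in it is shown as text. */
function renderDiv(string $input): string
{
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<div>$safe</div>\n";
}

// Constructed inputs standing in for $_POST['var'].
$samples = ['2', '1 OR 1=1', '<script>alert(1)</script>'];
foreach ($samples as $input) {
    printf("input: %s\n", $input);
    printf("  rows matched: %d\n", count(findById($pdo, $input)));
    printf("  html: %s", renderDiv($input));
}
```

For the presentation, the useful comparison is the row count and the rendered HTML for each input: only the plain integer matches a row, and the markup input comes back as visible text rather than as an element.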
