直接使用GET和POST有哪些漏洞? [英] what are the vulnerabilities in direct use of GET and POST?
问题描述
我想直接使用GET和POST变量时知道有哪些漏洞。
即不带修剪和addslashes功能和mysql转义字符串的东西。
我的问题是
在使用GET和POST时我们还需要照顾。
有类似SQL注入攻击吗?
一般来说,不仅限于GET和POST,还包括来自系统外部的任何数据(包括网络应用程序中的cookie):
几乎所有的漏洞都归结为The用户可以在他们将输入传递给上下文的情况下运行他们喜欢的任何代码。
- 如果您将它传递给SQL数据库,运行任何他们喜欢的SQL。
- 如果你将它传递给一个HTML文档,他们可以添加他们喜欢的任何标记(包括JavaScript)
- 如果你传递给系统shell,他们可以运行他们喜欢的任何系统命令。
- 如果你运行用一个他们选择的名字的文件,他们可以打开他们喜欢的任何文件。
等。
您需要考虑您对数据的处理方式。寻找一份可能的事情列表,当接受世界上任何系统受污染的输入时,可能会出错的列表不会产生一个详尽的列表。
:忘记addslashes(它不是有效的),忘记mysql_real_escape(它很容易犯一个错误)。使用参数化查询:如何防止PHP中的SQL注入?
i want to know what are the vulnerabilities while using the GET and POST variable directly. ie with out trimming and addslashes function and mysql escape string something like that.
My Question is
What more we need to take care of while playing with GET and POST.
What kind of attacks are there like SQL injection?
In general, and not limited to GET and POST but also to any data that comes from outside the system (including cookies in the case of web applications):
Almost all vulnerabilities come down to "The user can run whatever code they like in the context you pass their input to".
- If you pass it to an SQL database, they can run any SQL they like.
- If you pass it to an HTML document, they can add any markup they like (including JavaScript)
- If you pass it to the system shell, they can run any system command they like.
- If you open a file with the name they pick, they can open any file they like. etc.
You need to think about what you are doing with the data. Looking for a list of possible things that can go wrong when accepting tainted input into any system in the world isn't going to produce an exhaustive list.
And as an aside: forget addslashes (it isn't effective), forget mysql_real_escape (it's too easy to make a mistake with it). Use parameterized queries: How can I prevent SQL injection in PHP?
这篇关于直接使用GET和POST有哪些漏洞?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
