安全检测,第三方劫持,SQL盲注等
安全检测
常见Web应用安全问题:
1、跨站脚本攻击(CSS or XSS, Cross Site Scripting)
2、SQL注入攻击(SQL injection)
3、远程命令执行(Code execution,个人觉得译成代码执行并不确切)
4、目录遍历(Directory traversal)
5、文件包含(File inclusion)
6、脚本代码暴露(Script source code disclosure)
7、Http请求头的额外的回车换行符注入(CRLF injection/HTTP response splitting)
8、跨帧脚本攻击(Cross Frame Scripting)
9、PHP代码注入(PHP code injection)
10、XPath injection
11、Cookie篡改(Cookie manipulation)
12、URL重定向(URL redirection)
13、Blind SQL/XPath injection for numeric/String inputs
14、Google Hacking
SQL盲注
首先,注入攻击的本质,是把用户输入的数据当做代码执行
这里有两个关键条件:
1、用户能够控制输入,
2、原本程序要执行的代码,拼接了用户输入的数据。
more and more 百度搜索SQL盲注一大堆,在这里不说了;
vue3项目举例
技术栈 : vue3、axios
main.js添加:
import axios from "axios";
import qs from "qs";
import sign from 'sign';
//配置axios拦截器 拦截所有请求添加参数签名
axios.interceptors.request.use(config => {
//1 post 请求
let dataStr = config.data?config.data:null;
let data = qs.parse(dataStr);
//2 get 请求
let params = config.params?config.params:null;
let url = config.url.includes('?')? config.url.split('?')[1]:'';
let urlParams ={};
if(url){
urlParams = qs.parse(url)
}
let obj = Object.assign(urlParams, params, data);
let salt = "自己写点小编码";//私钥
//3 参数签名
let sign = sign(obj, salt);
config.params = Object.assign({}, params, {sign});
return config;
}, err => {
return Promise.reject(err)
});
sign文件代码分享
function SHA1 (msg) {
function rotate_left(n,s) {
var t4 = ( n<<s ) | (n>>>(32-s));
return t4;
}
function cvt_hex(val) {
var str="";
var i;
var v;
for( i=7; i>=0; i-- ) {
v = (val>>>(i*4))&0x0f;
str += v.toString(16);
}
return str;
}
function Utf8Encode(string) {
string = string.replace(/\r\n/g,"\n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c);
}
else if((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128);
}
else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128);
}
}
return utftext;
}
var blockstart;
var i, j;
var W = new Array(80);
var H0 = 0x67452301;
var H1 = 0xEFCDAB89;
var H2 = 0x98BADCFE;
var H3 = 0x10325476;
var H4 = 0xC3D2E1F0;
var A, B, C, D, E;
var temp;
msg = Utf8Encode(msg);
var msg_len = msg.length;
var word_array = new Array();
for( i=0; i<msg_len-3; i+=4 ) {
j = msg.charCodeAt(i)<<24 | msg.charCodeAt(i+1)<<16 |
msg.charCodeAt(i+2)<<8 | msg.charCodeAt(i+3);
word_array.push( j );
}
switch( msg_len % 4 ) {
case 0:
i = 0x080000000;
break;
case 1:
i = msg.charCodeAt(msg_len-1)<<24 | 0x0800000;
break;
case 2:
i = msg.charCodeAt(msg_len-2)<<24 | msg.charCodeAt(msg_len-1)<<16 | 0x08000;
break;
case 3:
i = msg.charCodeAt(msg_len-3)<<24 | msg.charCodeAt(msg_len-2)<<16 | msg.charCodeAt(msg_len-1)<<8 | 0x80;
break;
}
word_array.push( i );
while( (word_array.length % 16) != 14 ) word_array.push( 0 );
word_array.push( msg_len>>>29 );
word_array.push( (msg_len<<3)&0x0ffffffff );
for ( blockstart=0; blockstart<word_array.length; blockstart+=16 ) {
for( i=0; i<16; i++ ) W[i] = word_array[blockstart+i];
for( i=16; i<=79; i++ ) W[i] = rotate_left(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
A = H0;
B = H1;
C = H2;
D = H3;
E = H4;
for( i= 0; i<=19; i++ ) {
temp = (rotate_left(A,5) + ((B&C) | (~B&D)) + E + W[i] + 0x5A827999) & 0x0ffffffff;
E = D;
D = C;
C = rotate_left(B,30);
B = A;
A = temp;
}
for( i=20; i<=39; i++ ) {
temp = (rotate_left(A,5) + (B ^ C ^ D) + E + W[i] + 0x6ED9EBA1) & 0x0ffffffff;
E = D;
D = C;
C = rotate_left(B,30);
B = A;
A = temp;
}
for( i=40; i<=59; i++ ) {
temp = (rotate_left(A,5) + ((B&C) | (B&D) | (C&D)) + E + W[i] + 0x8F1BBCDC) & 0x0ffffffff;
E = D;
D = C;
C = rotate_left(B,30);
B = A;
A = temp;
}
for( i=60; i<=79; i++ ) {
temp = (rotate_left(A,5) + (B ^ C ^ D) + E + W[i] + 0xCA62C1D6) & 0x0ffffffff;
E = D;
D = C;
C = rotate_left(B,30);
B = A;
A = temp;
}
H0 = (H0 + A) & 0x0ffffffff;
H1 = (H1 + B) & 0x0ffffffff;
H2 = (H2 + C) & 0x0ffffffff;
H3 = (H3 + D) & 0x0ffffffff;
H4 = (H4 + E) & 0x0ffffffff;
}
temp = cvt_hex(H0) + cvt_hex(H1) + cvt_hex(H2) + cvt_hex(H3) + cvt_hex(H4);
return temp.toLowerCase();
}
/**
* 生成签名
* @param param {}
* @returns sign
*/
function sign (param, salt) {
var keys = [];
var str = "";
if(param) {
for(let key in param) {
keys.push(key);
}
}
keys.sort(function(a, b) {
return a.localeCompare(b);
});
for(var i= 0; i < keys.length; i++) {
let key = keys[i];
var value = param[key];
str += key;
if(value != undefined) {
str += value;
}
}
str += salt;
return SHA1(str);
}
export default sign;