

The process of a SQL injection and logic vulnerability penetration test on a customer's website

Posted by truschel at 2020-04-15

The weather is getting cooler and cooler. When conducting penetration tests and vulnerability tests on a customer's website code, our Sine Security penetration team carries out an all-round security inspection and audit of the customer's website source code. Only by truly understanding the website can we penetrate it better and find its vulnerabilities, so that the customer's website reaches the best possible security protection before going live, and avoids the economic losses that major vulnerabilities would cause while the platform is later being developed at speed.

First, let us share the penetration test process that our Sine Security carried out on a customer's financial platform some time ago. The first thing we saw during the code audit was that the customer's website uses PHP with a MySQL database, and the front end uses the Vue.js framework. Before the penetration test we need to check whether the website source code is encrypted or obfuscated, then check whether each PHP file corresponds to a URL address, whether it is called by other files or is a standalone PHP function page, and whether the code of the entry file and of the index.php homepage is consistent. Next we need to know the directory layout of the entire financial platform, including which functional directories it contains. This time we found that the customer's site has member registration, image upload, bank card binding, recharge, withdrawal, investment records, feedback, personal data modification and other functions.

In our Sine Security audit of the website code, the method used is to review sensitive functions and to track and debug the values passed into them, checking whether the code contains malicious code or potential vulnerabilities that could lead to website vulnerabilities, including logic flaws and vertical and horizontal privilege escalation (unauthorized access) flaws.
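To make that audit method concrete, here is an added example that is not Sine Security's own tooling: a minimal sensitive-function and value-tracing pass written in PHP. It reads PHP source as text, marks variables assigned from request superglobals as tainted, propagates taint through simple assignments, treats intval(), (int) and basename() as sanitizers, and reports every line where tainted data reaches a dangerous sink. The source it scans is constructed here to mirror the two patterns discussed further down this page (an id parameter concatenated into SQL, and a request value used in a path under a backup directory); the source, sink and sanitizer lists are assumptions you would extend for a real audit.

```php
<?php
// Added example, not Sine Security's tooling: a minimal sensitive-function and
// value-tracing pass over PHP source. Regex-based and intraprocedural: it tells
// you where to start manual tracing, it does not prove anything.
declare(strict_types=1);

// Request sources, dangerous sinks and sanitizers (assumed lists, extend as needed).
const SOURCES    = ['$_GET', '$_POST', '$_REQUEST', '$_COOKIE', '$_FILES'];
const SINKS      = ['mysql_query', 'mysqli_query', 'query', 'exec', 'system', 'eval',
                    'file_put_contents', 'fopen', 'include', 'require', 'unlink'];
const SANITIZERS = '/intval\(|\(int\)|basename\(/';

// True if $expr references a request superglobal or a variable already tainted.
function mentionsTaint(string $expr, array $tainted): bool
{
    foreach (SOURCES as $src) {
        if (strpos($expr, $src) !== false) {
            return true;
        }
    }
    foreach (array_keys($tainted) as $var) {
        if (preg_match('/' . preg_quote($var, '/') . '\b/', $expr)) {
            return true;
        }
    }
    return false;
}

// Walks the source line by line; returns [line, sink, code] for each tainted sink call.
function auditSource(string $code): array
{
    $tainted  = [];   // variable name => line where it became tainted
    $findings = [];
    $sinkRe   = '/\b(' . implode('|', SINKS) . ')\s*\(/';
    foreach (explode("\n", $code) as $n => $line) {
        $lineNo = $n + 1;
        // Simple assignment "$var = <expr>": taint or clear $var based on <expr>.
        if (preg_match('/^\s*(\$[A-Za-z_]\w*)\s*=[^=](.*)$/', $line, $m)) {
            $sanitized = (bool) preg_match(SANITIZERS, $m[2]);
            if (!$sanitized && mentionsTaint($m[2], $tainted)) {
                $tainted[$m[1]] = $lineNo;
            } else {
                unset($tainted[$m[1]]);   // reassigned from clean or sanitized data
            }
        }
        // Sink call on a line that carries tainted data: report it.
        if (preg_match($sinkRe, $line, $s) && mentionsTaint($line, $tainted)) {
            $findings[] = ['line' => $lineNo, 'sink' => $s[1], 'code' => trim($line)];
        }
    }
    return $findings;
}

// Constructed sample (not the customer's code) mirroring the two patterns on this page.
$sample = <<<'PHP'
<?php
$id = $_GET['id'];
$page = $_POST['page'];
$safe_id = intval($_GET['id']);
$dir = dirname(__FILE__) . '/../backup/';
$sql = "SELECT * FROM news WHERE id = $id";
$rows = mysql_query($sql);
$ok = mysql_query("SELECT * FROM news WHERE id = $safe_id");
file_put_contents($dir . $page, $_POST['content']);
PHP;

foreach (auditSource($sample) as $f) {
    printf("line %d: tainted data reaches %s(): %s\n", $f['line'], $f['sink'], $f['code']);
}
```

On the constructed sample it flags the mysql_query() call that consumes $sql (tainted through $id) and the file_put_contents() call that takes $page and $_POST directly, while the query built from $safe_id is not reported because the intval() assignment cleared the taint. Anything it reports still has to be traced by hand, because string tricks such as a variable reached through an array, a function parameter or a second file are invisible to a line-by-line pass like this.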

After a general code audit we found that some PHP files have SQL injection vulnerabilities: there is no switch to escape or filter quotation marks, so a malicious parameter value submitted from the front end is passed to the database and executed. This is especially true of the news bulletin column, newxinxi.php?id=18. When opened, it reads the news content directly from the database, but the value of id is not restricted against Chinese characters or special characters, so whatever is entered goes straight to the back-end database and is executed. Our Sine Security technicians immediately fixed the vulnerability on the customer's website by restricting the value of id to a number; special characters such as Chinese are no longer allowed.
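As an added example that is not the customer's code, here is the newxinxi.php?id= pattern in its vulnerable form beside a hardened form, exercised against an in-memory SQLite database through PDO so it runs offline. The table and column names, and the availability of the pdo_sqlite extension, are assumptions. The hardened version applies the fix the post describes (id must be a number) and additionally binds the value as a parameter, so that the query stays safe even if the check is later loosened.

```php
<?php
// Added example (not the customer's code): the newxinxi.php?id= pattern,
// vulnerable and hardened, against an in-memory SQLite database via PDO.
// Table and column names are assumptions.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO news VALUES (18, 'Public notice', 'visible to everyone')");
$pdo->exec("INSERT INTO news VALUES (19, 'Draft', 'not meant to be listed')");

// Vulnerable: the query-string value is concatenated straight into the SQL,
// so the database, not the application, decides what "id" means.
function newsVulnerable(PDO $pdo, string $id): array
{
    $sql = "SELECT id, title FROM news WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: (1) reject anything that is not a plain positive integer, which is the
// fix the post describes (Chinese and special characters fail the pattern), and
// (2) bind the value instead of concatenating it, so a future relaxation of the
// check cannot turn back into injection.
function newsHardened(PDO $pdo, string $id): array
{
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $id)) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$normal  = '18';
$payload = '18 OR 1=1';   // constructed attacker input

printf("vulnerable, normal input : %d row(s)\n", count(newsVulnerable($pdo, $normal)));
printf("vulnerable, payload      : %d row(s)\n", count(newsVulnerable($pdo, $payload)));
printf("hardened,   normal input : %d row(s)\n", count(newsHardened($pdo, $normal)));
try {
    newsHardened($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo "hardened,   payload      : rejected ({$e->getMessage()})\n";
}
```

With the constructed payload the vulnerable query returns both rows, including the draft that should not be listed, because the WHERE clause becomes "id = 18 OR 1=1"; the hardened function refuses the input before any SQL is built, and for the legitimate id returns exactly one row.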

The website also has a remote code writing vulnerability, which can allow a webshell to be written to the site and then lead to compromise of the website's permissions and of the server's permissions. Let's look at how the variable value is written and assigned: $page, $dir = dirname(\ ... . '/../backup/'. Here backup is a custom backup directory, and dirname() returns the directory portion of a path. When the helper class is used, the if statement in the code is called to determine whether the condition is met; if it is, malicious code can be inserted remotely, or malicious code can be constructed and executed, and malicious files such as a webshell can be written out to the website directory.
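As an added example that is not the customer's code, here is how an attacker-controlled $page combined with a $dir built as dirname(...) . '/../backup/' becomes an arbitrary file write, beside a hardened version. The function and parameter names and the directory layout are assumptions; the post only shows the fragment above. The script creates its own www/ and backup/ directories under the system temp directory so it can be run safely, and removes them at the end.

```php
<?php
// Added example (not the customer's code): attacker-controlled $page reaching a
// write under dirname(...) . '/../backup/', and a hardened version. Names and the
// directory layout are assumptions.
declare(strict_types=1);

// Stand-in for the web root and its sibling backup directory, in a temp dir.
$root = sys_get_temp_dir() . '/sine_demo_' . getmypid();
mkdir("$root/www", 0700, true);
mkdir("$root/backup", 0700, true);
$dir = "$root/www/" . '../backup/';   // what dirname(__FILE__) . '/../backup/' yields

// Vulnerable: $page is used as-is in the path, so '../www/x.php' escapes backup/.
function writeBackupVulnerable(string $dir, string $page, string $content): string
{
    $target = $dir . $page;
    file_put_contents($target, $content);
    return $target;
}

// Hardened: allow only a bare file name from a small character set, force an
// extension the web server will not execute, and verify after realpath() that the
// resolved parent directory is still the backup directory.
function writeBackupHardened(string $dir, string $page, string $content): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $page)) {
        throw new InvalidArgumentException('invalid page name');
    }
    $base = realpath($dir);
    if ($base === false) {
        throw new RuntimeException('backup directory missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $page . '.bak';
    if (realpath(dirname($target)) !== $base) {
        throw new RuntimeException('path escapes backup directory');
    }
    file_put_contents($target, $content);
    return $target;
}

$shell = "<?php system(\$_GET['c']); ?>";   // constructed webshell body

$written = writeBackupVulnerable($dir, '../www/shell.php', $shell);
echo "vulnerable wrote: " . realpath($written) . "\n";   // inside www/, web-reachable

echo "hardened wrote:   " . writeBackupHardened($dir, 'news_backup', 'data') . "\n";
foreach (['../www/shell.php', 'shell.php/..', 'a b'] as $bad) {
    try {
        writeBackupHardened($dir, $bad, $shell);
    } catch (Exception $e) {
        printf("hardened rejected %-20s (%s)\n", var_export($bad, true), $e->getMessage());
    }
}

// Clean up the demo tree.
foreach (["$root/www/shell.php", "$root/backup/news_backup.bak"] as $f) {
    @unlink($f);
}
rmdir("$root/www");
rmdir("$root/backup");
rmdir($root);
```

The vulnerable call lands shell.php inside www/, which is exactly the web-reachable location the attacker wants. The hardened version refuses any directory part rather than trying to strip "../" sequences, because stripping is easy to bypass (for example with "....//"); the strict name pattern, the fixed non-executable extension and the realpath() comparison of the resolved parent are three independent layers, and any one of them blocks this write.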

The above is part of the vulnerabilities found in Sine Security's penetration testing service on the customer's website, and a share of how code security auditing and vulnerability testing are done. If a website is attacked during operation, its data is tampered with and so on, website security companies can provide penetration testing services; in China, Sinesafe, Green Alliance and Qiming Star are all relatively well known. Either way, the vulnerabilities must be found and fixed so that the website's security protection reaches its peak before going live. We hope more people will learn about penetration testing services.