1720870761

🕵️‍♀️Low-level hackers only break into applications built like this...


If you've already started building applications and websites this way, know that those hackers will break your whole system. Here is an example of simple PHP code that is vulnerable to several common forms of attack, such as SQL Injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF):

```php
<?php
// Database connection (using plain text credentials)
$conn = new mysqli("localhost", "root", "password", "database");

// Check the connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Vulnerable to SQL Injection
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    $sql = "SELECT * FROM users WHERE id = $id";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        while ($row = $result->fetch_assoc()) {
            echo "ID: " . $row["id"] . " - Name: " . $row["name"] . "<br>";
        }
    } else {
        echo "0 results";
    }
}

// Login form vulnerable to XSS
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'];
    $password = $_POST['password'];
    echo "You entered username: $username and password: $password<br>";

    // Login verification vulnerable to SQL Injection
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        echo "Login successful!<br>";
    } else {
        echo "Incorrect username or password.";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Vulnerable Example</title>
</head>
<body>
    <h2>Login Form</h2>
    <form method="post" action="">
        Username: <input type="text" name="username"><br>
        Password: <input type="password" name="password"><br>
        <input type="submit" value="Login">
    </form>
</body>
</html>
```

# Security problems in the code

## 1. SQL Injection:

+ The SQL query `SELECT * FROM users WHERE id = $id` is vulnerable to SQL Injection because the value of **$id** comes directly from the user's input.
+ The SQL query `SELECT * FROM users WHERE username = '$username' AND password = '$password'` is also vulnerable to SQL Injection, because both values are placed into the query string unchanged.

## 2. Cross-Site Scripting (XSS):

+ User input (username and password) is displayed directly in the HTML without any escaping, which allows the injection of malicious scripts.

## 3. Cross-Site Request Forgery (CSRF):

+ The login form has no protection against CSRF, allowing an attacker to send requests on behalf of the user without their consent.

If you want to know how to make your applications more secure, leave a comment here and I'll show you how to do it better.
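A hardened counterpart to the script above, as an added example that is not part of the original post: bound parameters replace string-built SQL, every value is escaped on output, and the form carries a session-bound CSRF token. The `DB_*` environment variables and the `password_hash` column (filled with `password_hash()`) are assumptions, not something the original page defines.

```php
<?php
// Added example, not the original author's code. Assumptions (hypothetical):
// DB_* environment variables; users.password_hash filled by password_hash().
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions, no DB error text in the page
$conn = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
// XSS: escape every value on output.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// CSRF: one random token per session, embedded in the form and compared on POST.
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));
$out = '';
// SQL injection: validate id as an integer and bind it as a parameter.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (is_int($id)) {
    $stmt = $conn->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($rowId, $rowName);
    while ($stmt->fetch()) {
        $out .= 'ID: ' . e((string)$rowId) . ' - Name: ' . e((string)$rowName) . '<br>';
    }
    $stmt->close();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['csrf'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token)) {
        http_response_code(403); exit('Invalid request.');
    }
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $out .= 'You entered username: ' . e($username) . '<br>'; // the password is never echoed
    $stmt = $conn->prepare('SELECT password_hash FROM users WHERE username = ?'); // input stays out of the SQL text
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $ok = $stmt->fetch() && password_verify($password, (string)$hash);
    if ($ok) { session_regenerate_id(true); } // new session id after login
    $out .= $ok ? 'Login successful!<br>' : 'Incorrect username or password.';
}
?>
<?= $out ?>
<form method="post" action="">
  <input type="hidden" name="csrf" value="<?= e($_SESSION['csrf']) ?>">
  Username: <input type="text" name="username"><br>
  Password: <input type="password" name="password"><br>
  <input type="submit" value="Login">
</form>
```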
