dongyan1936 2014-09-01 06:11
22 views
Accepted

After filtering, is running a database query with cookie data still vulnerable to SQL injection or similar attacks?

Example:

Database Connect and Filter

//Initialize MySQLi connection
$db = new mysqli($_CONFIG['mysql']['hostname'], $_CONFIG['mysql']['username'], $_CONFIG['mysql']['password'], $_CONFIG['mysql']['database']);
if ($db->connect_errno) {
    die("MySQLi error: ".$db->connect_error);
}

//filter injections
function filter($var)
{
    global $db;
    return $db->real_escape_string(stripslashes(htmlspecialchars($var)));
}

Set cookie after a successful login, check cookie and re-update each time

if ($login) {  // $login stands for "the credentials just checked out"
    // after successful login
    $cookiehash = md5(sha1($_SESSION['user_id'] . $recentIP));
    $db->query('UPDATE users SET loginHash = "'.filter($cookiehash).'" WHERE id = '.filter($_SESSION['user_id'])) or die(mysqli_error($db));
    setcookie("customCookie", $cookiehash, time()+3600*24*365, '/', '.'.$_SERVER['HTTP_HOST']);
}

// if the cookie is set, update expiration and set session id
function CheckCookieLogin() {
    global $db;
    if (!empty($_COOKIE['customCookie'])) {
        $cookie = $_COOKIE['customCookie'];
        $query = $db->query('SELECT * FROM users WHERE loginHash = "'.filter($cookie).'"');

        if ($query->num_rows > 0) {
            $_SESSION['user_id'] = 1; // hard-coded here; the id of the matching row is not read back
            // reset expiry date
            setcookie("customCookie", $cookie, time()+3600*24*365, '/', '.'.$_SERVER['HTTP_HOST']);
        }
    }
}

Would this still be vulnerable to any sort of injection attack?

1 answer

  • 普通网友 2014-09-01 08:17

    The cookie is stored on the client's computer, and thus vulnerable to attack, in so-called 'cookie poisoning attacks'. So treat the content with care. This is what you seem to do with your filter() routine.

    It can still be improved however. What if you could check whether the cookie has been modified, without having to access your database? This might seem more difficult than it is.

    A simple method is adding some sort of checksum to the content of the cookie, something you can check but is not obvious to the hacker. The hacker would first have to figure out what you're doing before he, or she, can even start to change the data that enters your SQL statement. It is the difference between accepting any content from the cookie and putting it in an SQL statement, or only accepting content which you can verify not to have been modified.

    This answer was chosen by the asker as the best answer.
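As an added example (not code from the question or the answer), here is one way to implement the checksum the answer describes: the cookie carries the user id and an expiry time plus an HMAC over both, computed with a server-side secret. A tampered or expired cookie is rejected before the database is touched, and the value that does reach the database is bound as a prepared-statement parameter instead of being concatenated into the SQL string. The secret `$cookieSecret`, the function names and the reduced `users` lookup are assumptions for the illustration; the `$db` mysqli handle and the `users` table with an `id` column are as in the question.

```php
<?php
// Added example: a MAC-protected login cookie, as the answer suggests.
// Assumptions: $cookieSecret is a long random string loaded from server-side
// configuration (hypothetical name), and $db is the mysqli handle from the question.

const COOKIE_NAME = 'customCookie';
const COOKIE_TTL  = 3600 * 24 * 365;

// Cookie value layout: "<userId>.<expires>.<hmac>"; the HMAC covers id and expiry.
function makeLoginCookie(int $userId, string $secret, ?int $now = null): string
{
    $now     = $now ?? time();
    $expires = $now + COOKIE_TTL;
    $payload = $userId . '.' . $expires;
    $mac     = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;
}

// Verify the cookie without a database round trip.
// Returns the user id, or null if the value was modified, malformed or expired.
function verifyLoginCookie(string $value, string $secret, ?int $now = null): ?int
{
    $now   = $now ?? time();
    $parts = explode('.', $value);
    if (count($parts) !== 3) {
        return null;                      // wrong shape
    }
    [$userId, $expires, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;                      // non-numeric id or expiry
    }
    $expected = hash_hmac('sha256', $userId . '.' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {  // constant-time comparison
        return null;                      // checksum does not match: modified
    }
    if ((int)$expires < $now) {
        return null;                      // expired
    }
    return (int)$userId;
}

// Call after a successful password login, in place of the UPDATE/setcookie pair.
function setLoginCookie(int $userId, string $secret): void
{
    setcookie(COOKIE_NAME, makeLoginCookie($userId, $secret), time() + COOKIE_TTL,
              '/', '', true, true);       // secure + httponly flags
}

// Replacement for CheckCookieLogin(): only a cookie whose MAC verifies reaches
// the database, and the id is bound as a parameter, not concatenated into SQL.
function checkCookieLogin(mysqli $db, string $secret): ?int
{
    if (empty($_COOKIE[COOKIE_NAME])) {
        return null;
    }
    $userId = verifyLoginCookie($_COOKIE[COOKIE_NAME], $secret);
    if ($userId === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id FROM users WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return null;                      // account no longer exists
    }
    $_SESSION['user_id'] = $id;
    setLoginCookie($id, $secret);         // re-issue with a fresh expiry
    return $id;
}
```

The HMAC only proves the cookie was issued by this server and has not been edited; it does not replace the database lookup entirely, since the account may have been deleted or disabled in the meantime. Changing `$cookieSecret` invalidates every outstanding cookie at once, which is a useful property if the secret or a cookie is ever suspected of being exposed.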
