就跟程式語言一樣
大同小異
會了一個之後其他都不難

最直覺的 ejs

變化超大的 pug

Web Security

最常見的兩個漏洞

  • SQL Injection
  • XSS

最常見的兩個漏洞

  • SQL Injection
  • XSS

可惜你都碰不到

SQL Injection

簡單的登入機制

function login(username, password){
    let result = mysql.query(
      `SELECT * FROM Users
       WHERE username = '${username}' AND password='${password}'`
    )

    // 有拿到資料,
    if (result.rows.length > 1) {
      return true;
    }
    return false;
}
SELECT * FROM Users
WHERE username = '${username}'
AND password='${password}'
SELECT * FROM Users
WHERE username = '${username}'
AND password='${password}'
SELECT * FROM Users
WHERE username = 'huli'
AND password='123abc'
SELECT * FROM Users
WHERE username = '' or 1=1#'
AND password=''
username = ' or 1=1#

登入成功!

SELECT * FROM Users
WHERE username = '' or 1=1#'
AND password=''
username = ' or 1=1#
SELECT * FROM Users
WHERE username = 'a' and 1=1#'
AND password=''
username = a' and 1=1#

可以用

任何人的身份登入!

UNION 指令

DEMO

如何防範?

escape 字串跳脫

為什麼我們不會碰到?

XSS

Cross-site Scripting

原理跟 SQL Injection 差不多

DEMO

為什麼我們不會碰到?

總結

永遠不要相信

client 端的東西

webinar

By huli

webinar

  • 80
Loading comments...

More from huli