DevSexOoops or what development errors lead to

Introduction

web-. , , . , - « ». , , , « ?» « — », «» .





. « », .





, , - , . SQLi, RCE, XXE, XSS, . SQL injection ( SQLi). , id, - . , , :





// Request input is interpolated straight into the SQL text: whatever the client
// puts in ?id= becomes part of the statement, which is the SQL injection (SQLi)
// condition this snippet illustrates. The fix is a prepared statement with a
// bound placeholder ("... WHERE id = ?") so the value is never parsed as SQL.
$id = $_GET['id']
$query = "SELECT * FROM some_table_name WHERE id=$id"
      
      



:





-- Statement text the snippet above builds for ?id=1 (the expected case).
SELECT * FROM some_table_name WHERE id=1
      
      



, , «'», :





-- Statement text built for ?id=1' — the unbalanced quote makes the SQL invalid,
-- which shows the input is being parsed as SQL rather than treated as a value.
SELECT * FROM some_table_name WHERE id=1'
      
      



, - , SQLi. , , , , . , - HackerOne, 2019-2020 SQLi. Acunetix , - 2019-2020 , SQLi 8% , .





, , , ?! , . . Injection, __wakeup(). , $some_data.





<?php
// Illustrative gadget class: once an object of this class is rebuilt by
// unserialize(), __wakeup() passes its public property to eval(). Any class
// with this shape that is loadable when unserialize() runs turns serialized
// input into code execution (PHP object injection).
class Injection {
        public $some_data;
        // SECURITY: eval() on a value that arrives through deserialization.
        // Shown here only to demonstrate the problem; never ship this pattern.
        function __wakeup(){
                if( isset( $this->some_data ) ){
                        eval( $this->some_data );
                }
        }
}

// $_REQUEST is entirely client-controlled, so unserialize() here instantiates
// whatever class the request names and runs its __wakeup()/__destruct() hooks.
// Mitigation: exchange data as JSON (json_decode) instead of PHP serialization;
// if unserialize() is unavoidable, pass ['allowed_classes' => false].
if( isset( $_REQUEST['data'] ) ){
        $result = unserialize( $_REQUEST['data'] );
        // ...
}
?>
<?php
// Same gadget class as in the vulnerable application above, reproduced here so
// the serializer knows the class layout. Its __wakeup() hands $some_data to
// eval(), which is what makes deserializing untrusted data dangerous.
class Injection {
        public $some_data;
        // SECURITY: eval() on deserialized state — demonstration only.
        function __wakeup(){
                if( isset( $this->some_data ) ){
                        eval( $this->some_data );
                }
        }
}
// Produces the serialized string shown below: an Injection object whose
// some_data holds the code that __wakeup() will eval() on the receiving side.
// This is the shape of input the unserialize() call above must never accept;
// the defense is to not deserialize client data at all.
$inj = new Injection();
$inj->some_data = "phpinfo();";
echo( serialize( $inj ) );
?>
      
      



, :





O:9:"Injection":1:{s:9:"some_data";s:10:"phpinfo();";}
      
      



- , , phpinfo().





, , , . :





// The statement is "prepared", but the user-supplied values are interpolated
// into the SQL text before prepare() ever sees it, so prepare() protects
// nothing: a quote inside login or password changes the query. Use ? placeholders
// and bind_param() so the values travel separately from the SQL.
$LINK = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
    // Credentials arrive via GET, so they land in the URL, browser history and
    // server access logs. The password also appears to be compared in clear text
    // inside SQL; store a password_hash() and check it with password_verify().
    $user_name = $_GET['login'];
    $user_password = $_GET['password'];
    $query = $LINK->prepare("select id from user where login = '$user_name' and user_password='$user_password'");
    $query->execute();
      
      



, , , « », 123456789. , : $123456789 123456789#. - , .





NordPass, , - 123456, — 123456789, , ( 200 ), « » .





-, .





. , , , , , , . , ?!





CMS WordPress «». , , . , , . - , - , .





! , — -, . , :





  • . , - ;





  • -, .





nginx:





http {
               # autoindex on makes nginx generate a directory listing for any
               # location without an index file, exposing file and directory names
               # to anyone. Keep it off unless a listing is intentionally public.
               autoindex on;
               include etc/nginx/mime.types;
               default_type   application/octet-stream;
      
      



:





  • - . , .





? 90% , . «» , , , . Linux . Unix- , - , , - . « - !».





- 1024. .





, . , , , -, . , ? — ! !





, web-, , .





.





- - (WAF). , , , WAF. WAF . Nemesida WAF — , . Nemesida WAF .





, , , -.







