
Common Web Attacks (4): Insecure CAPTCHA Mechanism (Insecure

Source: 自学PHP网 (zixuephp.com)    Date: 2015-04-15 15:00


I learned all of this on DVWA (Damn Vulnerable Web App). I have installed DVWA on my free hosting space; anyone interested is welcome to take a look: DVWA

If you want the username and password, contact me at: sq371426@163.com

The CAPTCHA DVWA uses is provided by Google; see Google CAPTCHA for details.

The "insecure CAPTCHA mechanism" discussed here refers to the security problems that arise when the back end does not fully verify the CAPTCHA result it receives from the front end. Heh, a bit of a mouthful, isn't it?

Let's look at the insecure code first.

<?php

if( isset( $_POST['Change'] ) && ( $_POST['step'] == '1' ) ) {

    $hide_form = true;
    $user      = $_POST['username'];
    $pass_new  = $_POST['password_new'];
    $pass_conf = $_POST['password_conf'];
    // Step 1 is the only place the CAPTCHA is checked
    $resp = recaptcha_check_answer( $_DVWA['recaptcha_private_key'],
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"] );

    if( !$resp->is_valid ) {
        // What happens when the CAPTCHA was entered incorrectly
        echo "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
        $hide_form = false;
        return;
    } else {
        if( $pass_new == $pass_conf ) {
            echo "<pre><br />You passed the CAPTCHA! Click the button to confirm your changes. <br /></pre>";
            echo "
            <form action=\"#\" method=\"POST\">
                <input type=\"hidden\" name=\"step\" value=\"2\" />
                <input type=\"hidden\" name=\"password_new\" value=\"" . $pass_new . "\" />
                <input type=\"hidden\" name=\"password_conf\" value=\"" . $pass_conf . "\" />
                <input type=\"submit\" name=\"Change\" value=\"Change\" />
            </form>";
        } else {
            echo "<pre> Both passwords must match </pre>";
            $hide_form = false;
        }
    }
}

if( isset( $_POST['Change'] ) && ( $_POST['step'] == '2' ) ) {
    $hide_form = true;
    // Read the values posted back from the step-1 confirmation form
    // (these two assignments are missing from the original listing)
    $pass_new  = $_POST['password_new'];
    $pass_conf = $_POST['password_conf'];
    // Nothing in this step re-checks the CAPTCHA or that step 1 ever ran
    if( $pass_new != $pass_conf ) {
        echo "<pre><br />Both passwords must match</pre>";
        $hide_form = false;
        return;
    }
    $pass = md5( $pass_new );
    if( $pass_new == $pass_conf ) {
        $pass_new = mysql_real_escape_string( $pass_new );
        $pass_new = md5( $pass_new );

        $insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
        $result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );

        echo "<pre> Password Changed </pre>";
        mysql_close();
    } else {
        echo "<pre> Passwords did not match. </pre>";
    }
}

?>

Beginners may well write code like this, but look at it closely: it has a fatal flaw. The CAPTCHA is verified in step 1, but step 2 never checks that the CAPTCHA was actually passed, so the password update in step 2 does not depend on step 1 at all.
 
The following code fixes this vulnerability:
 
<?php
if( isset( $_POST['Change'] ) && ( $_POST['step'] == '1' ) ) {

    $hide_form = true;
    $user      = $_POST['username'];
    $pass_new  = $_POST['password_new'];
    $pass_conf = $_POST['password_conf'];
    $resp = recaptcha_check_answer( $_DVWA['recaptcha_private_key'],
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"] );

    if( !$resp->is_valid ) {
        // What happens when the CAPTCHA was entered incorrectly
        echo "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
        $hide_form = false;
        return;
    } else {
        if( $pass_new == $pass_conf ) {
            echo "<pre><br />You passed the CAPTCHA! Click the button to confirm your changes. <br /></pre>";
            // The CAPTCHA result is carried over to step 2 as a hidden form field
            echo "
            <form action=\"#\" method=\"POST\">
                <input type=\"hidden\" name=\"step\" value=\"2\" />
                <input type=\"hidden\" name=\"password_new\" value=\"" . $pass_new . "\" />
                <input type=\"hidden\" name=\"password_conf\" value=\"" . $pass_conf . "\" />
                <input type=\"hidden\" name=\"passed_captcha\" value=\"true\" />
                <input type=\"submit\" name=\"Change\" value=\"Change\" />
            </form>";
        } else {
            echo "<pre> Both passwords must match </pre>";
            $hide_form = false;
        }
    }
}

if( isset( $_POST['Change'] ) && ( $_POST['step'] == '2' ) ) {
    $hide_form = true;
    // Read the values posted back from the step-1 confirmation form
    // (these two assignments are missing from the original listing)
    $pass_new  = $_POST['password_new'];
    $pass_conf = $_POST['password_conf'];
    // passed_captcha is a hidden field sent by the browser, so this only
    // checks that the client posted the value, not that step 1 really ran
    if( !$_POST['passed_captcha'] ) {
        echo "<pre><br />You have not passed the CAPTCHA. Bad hacker, no doughnut.</pre>";
        $hide_form = false;
        return;
    }
    $pass = md5( $pass_new );
    if( $pass_new == $pass_conf ) {
        $pass_new = mysql_real_escape_string( $pass_new );
        $pass_new = md5( $pass_new );

        $insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
        $result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );

        echo "<pre> Password Changed </pre>";
        mysql_close();
    } else {
        echo "<pre> Passwords did not match. </pre>";
    }
}
?>

By this point the code counts as fairly secure, but thinking it over carefully, something about it still feels wrong: isn't it too redundant?
 
Below is the streamlined, secure version of the code.

<?php
if( isset( $_POST['Change'] ) && ( $_POST['step'] == '1' ) ) {

    $hide_form = true;

    $pass_new = $_POST['password_new'];
    $pass_new = stripslashes( $pass_new );
    $pass_new = mysql_real_escape_string( $pass_new );
    $pass_new = md5( $pass_new );

    $pass_conf = $_POST['password_conf'];
    $pass_conf = stripslashes( $pass_conf );
    $pass_conf = mysql_real_escape_string( $pass_conf );
    $pass_conf = md5( $pass_conf );

    // The current password is processed the same way. These four lines are
    // missing from the original listing; the field name is assumed from DVWA's form
    $pass_curr = $_POST['password_current'];
    $pass_curr = stripslashes( $pass_curr );
    $pass_curr = mysql_real_escape_string( $pass_curr );
    $pass_curr = md5( $pass_curr );

    // CAPTCHA and password change now happen in a single request, so there
    // is no second step whose CAPTCHA state could be skipped
    $resp = recaptcha_check_answer( $_DVWA['recaptcha_private_key'],
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"] );

    if( !$resp->is_valid ) {
        // What happens when the CAPTCHA was entered incorrectly
        echo "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
        $hide_form = false;
        return;
    } else {
        // Check that the current password is correct
        // (note: the query looks up the 'admin' row, not dvwaCurrentUser())
        $qry = "SELECT password FROM `users` WHERE user='admin' AND password='$pass_curr';";
        $result = mysql_query( $qry ) or die( '<pre>' . mysql_error() . '</pre>' );

        if( ( $pass_new == $pass_conf ) && ( $result && mysql_num_rows( $result ) == 1 ) ) {
            $insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
            $result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );

            echo "<pre> Password Changed </pre>";
            mysql_close();
        } else {
            echo "<pre> Either your current password is incorrect or the new passwords did not match. Please try again. </pre>";
        }
    }
}
?>
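
The one-step version above removes the problem by having no second step. If the two-step confirmation flow is wanted, the "CAPTCHA passed" state has to be kept on the server rather than in a hidden form field that the browser sends back. The following is an added example written for this page (not DVWA's code and not the author's); it assumes session_start() has already run, that $pdo is a PDO connection to the DVWA database, and that $_DVWA, dvwaCurrentUser() and recaptcha_check_answer() exist as in the listings above.

```php
<?php
// Added example, not DVWA's code: the same two-step flow, but the "CAPTCHA
// passed" state lives in the server-side session instead of a hidden form
// field the client controls. Assumes session_start() has run, $pdo is a PDO
// connection, and $_DVWA, dvwaCurrentUser(), recaptcha_check_answer() exist.
if( isset( $_POST['Change'] ) && ( $_POST['step'] ?? '' ) === '1' ) {
    $pass_new  = $_POST['password_new']  ?? '';
    $pass_conf = $_POST['password_conf'] ?? '';
    $resp = recaptcha_check_answer( $_DVWA['recaptcha_private_key'],
        $_SERVER['REMOTE_ADDR'],
        $_POST['recaptcha_challenge_field'] ?? '',
        $_POST['recaptcha_response_field'] ?? '' );
    if( !$resp->is_valid ) {
        echo "<pre>The CAPTCHA was incorrect. Please try again.</pre>";
        return;
    }
    if( $pass_new === '' || $pass_new !== $pass_conf ) {
        echo "<pre>Both passwords must match</pre>";
        return;
    }
    // Success is recorded server-side, bound to the user and a timestamp;
    // the browser never sees this value, so it cannot be supplied or forged.
    $_SESSION['captcha_ok'] = array( 'user' => dvwaCurrentUser(), 'at' => time() );
    // Escape before echoing into HTML (the listings above inline $pass_new raw)
    $safe = htmlspecialchars( $pass_new, ENT_QUOTES, 'UTF-8' );
    echo '<form action="#" method="POST"><input type="hidden" name="step" value="2" />'
       . '<input type="hidden" name="password_new" value="' . $safe . '" />'
       . '<input type="hidden" name="password_conf" value="' . $safe . '" />'
       . '<input type="submit" name="Change" value="Change" /></form>';
}
if( isset( $_POST['Change'] ) && ( $_POST['step'] ?? '' ) === '2' ) {
    $ok = $_SESSION['captcha_ok'] ?? null;
    unset( $_SESSION['captcha_ok'] );                     // one-time use
    if( $ok === null || $ok['user'] !== dvwaCurrentUser()
        || time() - $ok['at'] > 300 ) {                   // stale after 5 min
        echo "<pre>You have not passed the CAPTCHA.</pre>";
        return;
    }
    $pass_new  = $_POST['password_new']  ?? '';
    $pass_conf = $_POST['password_conf'] ?? '';
    if( $pass_new === '' || $pass_new !== $pass_conf ) {
        echo "<pre>Both passwords must match</pre>";
        return;
    }
    // Prepared statement instead of string-built SQL; password_hash instead of md5
    $stmt = $pdo->prepare( 'UPDATE `users` SET password = ? WHERE user = ?' );
    $stmt->execute( array( password_hash( $pass_new, PASSWORD_DEFAULT ), dvwaCurrentUser() ) );
    echo "<pre>Password Changed</pre>";
}
```

A step-2 request that arrives without a prior step-1 success in the same session is rejected, and the marker is consumed on first use so it cannot be reused.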