Review: What topics we’ve covered?

• Web Apps’ architecture → Computer network (fundamental)

  • DNS Rebind Attack

• Introduction to HTML/CSS/JavaScript → Web page rendering process

• Introduction to PHP → Old-school language for web pages

  But it’s still alive! E.g. :

  • WordPress
  • Wikipedia
  • Facebook
  • CMS systems
  • …

• SQL injection attacks → “Outdated” attack vector (small↓↓↓ attack interface)

  • Alleviation(缓解措施): blacklist filtering, WAF, …
  • Solution: ORM frameworks or other frameworks

    • Map your code into database operations, and may even be equipped with static type-checking.

    • …even compile-time checked!

      

      其他语言做得到吗？

<aside> 💡 Why to study “outdated” attacks? To know how attacks & defenses evolve is to obtain a better security insight and mindset. The same pattern appears again and again… Web techs are a big circle (PHP/Template engines = Server Side Rendering? 🤔).

</aside>

What’s Next?

😃 Challenge-driven learning!

Prelude: How to run a PHP script?

• Manage multiple versions of PHP:

  sudo add-apt-repository ppa:ondrej/php
  sudo apt-get update 
  sudo apt-get upgrade
  
  sudo apt-get install php7.2
  sudo apt-get install php7.1
  sudo apt-get install php7.0
  sudo apt-get install php5.6 
  
  # Switch the version
  sudo update-alternatives --config php
  

• Command line interface (CLI)

  

  or use the interactive command line: php -a

• As an Apache module: https://www.php.net/manual/zh/security.apache.php

• PHP CGI (Common Gateway Interface)

  • php-cgi FastCGI php-fpm: https://cloud.tencent.com/developer/article/1924709

Some simple attacks

Git leaks & file leaks

• Scan possible folders: using dirsearch -u <http://>

• Using GitHack to extract key info from .git folder: [GXYCTF2019]禁止套娃1

  Tool: https://github.com/lijiejie/GitHack

  

  

<aside> ⚠️ Scanning a website may issue an extraordinary workload to the server and turn into a DoS attack. Do not perform this on an actual website without authorization!

</aside>