Common PHP Attacks and Solutions

by Miles Warren

Many people encounter PHP attacks in their daily work and deal with them in different ways. Let's look at some common PHP attacks and their solutions. I hope they can help you in your work.

1. SQL injection

SQL injection is a malicious attack in which the user alters the SQL the application executes by entering SQL fragments in form fields. A related attack is injection through the system() or exec() commands: the mechanism is the same, but what is injected is shell commands rather than SQL. Options for preventing SQL injection:
(1) Use mysql_real_escape_string() to escape the data.
(2) Manually check that each value has the expected data type.
(3) Use prepared statements and bind variables.
(4) Use the prepared statements provided by the database driver.
(5) Keep data separate from SQL logic.
(6) A prepared statement handles the data automatically (for example, escaping it).
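The following is an added example, not code from the original article. It puts the string-concatenated query the article warns about beside the prepared-statement form (items 3 to 6) and a manual type check (item 2). mysql_real_escape_string() from item 1 belongs to the old mysql extension, which was removed in PHP 7, so the prepared statements are shown with PDO. The users table, the PDO connection and the SQLite driver are assumptions made so that the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original article. Table layout, connection
// and the pdo_sqlite driver are assumptions so the script runs without a server.

// VULNERABLE: user data becomes part of the SQL text. A quote in the input ends
// the string literal early and whatever follows is parsed as SQL.
function buildQueryUnsafe(string $username): string
{
    return "SELECT id FROM users WHERE username = '" . $username . "'";
}

// SAFE: SQL logic and data are separated. The statement with its placeholder is
// prepared first; the value is bound afterwards and is never parsed as SQL, so
// no escaping by hand is needed.
function findUserId(PDO $pdo, string $username): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :name');
    $stmt->bindValue(':name', $username, PDO::PARAM_STR);
    $stmt->execute();
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Manual type check: a numeric id is validated as a positive integer before it
// is used, so anything that is not a plain integer is rejected before any SQL runs.
function findUserById(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Constructed form input containing a quote, the kind of value that breaks the
// concatenated query but is harmless once bound as a parameter.
$input = "alice' OR '1'='1";

echo buildQueryUnsafe($input), PHP_EOL;    // the WHERE clause is no longer about one user
var_dump(findUserId($pdo, $input));        // the whole string is compared as a username, nothing matches
var_dump(findUserId($pdo, 'alice'));       // the legitimate lookup still works
var_dump(findUserById($pdo, '1 OR 1=1'));  // rejected by the integer check
```

Run it with the PHP CLI. The point of the first echo is only to show the shape of the broken statement; the application should never build SQL that way.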

2. XSS attacks

XSS (cross-site scripting) is an attack in which a user submits data to a website that contains client-side script (usually JavaScript). If that data is output to another web page without filtering, the script is executed in the browser of every user who receives the page containing the submitted content.

To prevent XSS attacks, pass data through PHP's htmlentities() function before outputting it to the browser. Basic use of htmlentities() is simple, but it also has many advanced options, as shown in the XSS lookup table.
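An added example, not from the original article, showing htmlentities() applied at the point where untrusted data is written into HTML. The flags ENT_QUOTES and ENT_SUBSTITUTE and the explicit UTF-8 charset are the options a practitioner would normally want; the templates and the sample profile values are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original article. Templates and inputs are constructed.

// Encode for an HTML body or attribute context. ENT_QUOTES encodes both ' and "
// so the data cannot close an attribute early; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string, which would silently drop output.
function escapeHtml(string $untrusted): string
{
    return htmlentities($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// VULNERABLE: the raw value is written straight into the page, so any markup or
// script it contains is interpreted by the browser of whoever views the page.
function renderGreetingUnsafe(string $name): string
{
    return '<p>Hello, ' . $name . '</p>';
}

// SAFE: the same template, but '<', '>', '&' and both quote characters in the
// value are turned into entities, so the browser shows them as text.
function renderGreetingSafe(string $name): string
{
    return '<p>Hello, ' . escapeHtml($name) . '</p>';
}

// Attribute context: without ENT_QUOTES a double quote in the data would end the
// value="..." attribute and let the remainder become new attributes.
function renderNameField(string $value): string
{
    return '<input type="text" name="display_name" value="' . escapeHtml($value) . '">';
}

// Constructed user-submitted profile values.
$displayName = '<script>alert("xss")</script>';
$quotedName  = 'Bob "the builder" O\'Neil';

echo renderGreetingUnsafe($displayName), PHP_EOL;  // markup reaches the browser intact
echo renderGreetingSafe($displayName), PHP_EOL;    // markup is rendered as literal text
echo renderNameField($quotedName), PHP_EOL;        // quotes stay inside the attribute value
```

htmlentities() is the right tool for HTML body and attribute contexts only. Data placed inside a JavaScript block, a URL or a CSS value needs the encoding appropriate to that context, which is what the lookup table the article refers to is for.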

3. Code injection

Code injection results from a program processing invalid data. An attacker can use it to introduce code into a specific program and so change the program's flow or purpose.

To prevent code injection, filter user input. In php.ini, disable allow_url_fopen and allow_url_include so that require/include/fopen cannot load remote files.
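An added example, not from the original article, that combines the two measures just named: the php.ini directives appear in the header comment, and the PHP code filters the user-controlled value before it reaches include. The template directory, the page names and the ?page= parameter are assumptions for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original article. Paths and page names are assumed.
//
// Server-side settings the article names (php.ini):
//   allow_url_fopen = Off
//   allow_url_include = Off
// They stop require/include/fopen from fetching remote files, but the application
// must still filter the value it passes to include.

// Assumed layout: every page template lives directly under this directory.
const TEMPLATE_DIR = __DIR__ . '/templates';

// Allow-list of page names. Anything not listed is rejected, so values such as
// "../config", "php://filter" or a URL never reach include at all.
const ALLOWED_PAGES = ['home', 'about', 'contact'];

// VULNERABLE pattern this replaces:  include $_GET['page'] . '.php';
// There the user chooses the file, and with allow_url_include on, a URL would be fetched and run.

function resolveTemplate(string $page): ?string
{
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    $real = realpath(TEMPLATE_DIR . '/' . $page . '.php');
    // Second check: the resolved file must still sit inside TEMPLATE_DIR.
    $prefix = TEMPLATE_DIR . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

function renderPage(string $requested): void
{
    $template = resolveTemplate($requested);
    if ($template === null) {
        http_response_code(404);
        echo 'Unknown page', PHP_EOL;
        return;
    }
    include $template;
}

// Runtime check that the hardened php.ini values are actually in effect, so the
// application notices a misconfigured server instead of silently relying on it.
function remoteIncludesDisabled(): bool
{
    return !filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)
        && !filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN);
}

if (!remoteIncludesDisabled()) {
    error_log('warning: allow_url_fopen or allow_url_include is enabled');
}

renderPage($_GET['page'] ?? 'home');
```

The allow-list is the actual defence; the realpath() comparison is a second line in case the list is later filled from somewhere less trustworthy, and the ini_get() check gives the application a way to flag a server that is not configured as the article recommends.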

General principles:
(1) Don't rely on the server configuration to protect your application. Embed security-conscious checks and logic in your site code.
(2) Design the server-side security scripts around a single execution path, a single point of authentication and consistent data cleaning. For example, include one PHP function or file in every security-sensitive page that handles all of the login and security checks.
(3) Keep your code updated with the latest patches.

4. Session fixation attack

A session fixation attack exploits a system whose session ID does not change on the server side. An attacker who knows that session ID can hijack another user's session and successfully impersonate them. Solution:
1. Regenerate the session on login.
2. Disable client-side access to the cookie.

5. Session capture and hijacking

This attack behaves much like session fixation, but it steals the session ID. If the session ID is stored in a cookie, an attacker can steal it through XSS and JavaScript. If the session ID is carried in the URL, it can be obtained by sniffing the network or from a proxy server. To prevent session capture and hijacking, regenerate the session ID, and whenever a session is in use, make sure SSL is used.
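An added example, not from the original article, covering the session measures from sections 4 and 5 in one place: the session ID is accepted only from a cookie, the cookie is marked Secure and HttpOnly, the ID is regenerated at login, and it is rotated periodically so a captured ID is short-lived. The in-memory user store and the credentials are constructed; session_set_cookie_params() with an array argument requires PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original article. User store and credentials are constructed.

function configureSession(): void
{
    // Hijacking via URL: never read the session ID from the query string, only from the cookie.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Fixation: refuse session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // cookie is only sent over HTTPS (the article's "use SSL")
        'httponly' => true,   // JavaScript cannot read it, closing the XSS theft path
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Fixation: whatever ID the client arrived with is discarded at login and a
// fresh one issued, so an ID planted before login is useless afterwards.
function login(array $users, string $user, string $pass): bool
{
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);        // true removes the old session data on the server
    $_SESSION['user'] = $user;
    $_SESSION['last_rotated'] = time();
    return true;
}

// Hijacking: rotate the ID on a schedule so a captured ID stops working soon.
function rotateIfStale(int $maxAgeSeconds = 300): void
{
    if (isset($_SESSION['last_rotated']) && time() - $_SESSION['last_rotated'] > $maxAgeSeconds) {
        session_regenerate_id(true);
        $_SESSION['last_rotated'] = time();
    }
}

// Logout clears server-side state and expires the cookie in the browser.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Constructed user store; a real application loads the stored hash from its database.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

configureSession();
$idBeforeLogin = session_id();
if (login($users, 'alice', 'correct horse battery staple')) {
    rotateIfStale();
    echo 'session id changed at login: ', var_export($idBeforeLogin !== session_id(), true), PHP_EOL;
}
logout();
```

The two regenerate calls do different jobs: the one in login() defeats fixation by breaking the link between the pre-login ID and the authenticated session, while rotateIfStale() limits how long a stolen ID remains valid. Both depend on session.use_strict_mode, which makes the server reject any ID it did not generate.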

Facing these common PHP attacks, we must know where they come from, analyze them rationally, cut off the information they depend on, and put the protections in place.
