| Task | Linux | OS X | Windows |
|---|---|---|---|
| Open sysadmin shell | Open a Terminal, then sudo su | Open a Terminal, then sudo su | Start -> CMD, right click, "Run as Administrator" |
| Install PHP behind Apache | Ubuntu: sudo apt-get install php-common libapache2-mod-php php-cli | XAMPP has an easy to use installer for Windows and OS X. (MariaDB is an open source fork of MySQL.) | |
| Check IP address | ifconfig | ifconfig | ipconfig |
| Check running services | netstat -tulpan | netstat -ap tcp | netstat -bano |
| Restart apache | service apache2 restart | Use XAMPP control panel, or apachectl stop | cd C:\xampp\apache\bin, then httpd -k restart |
| Apache config files | /etc/apache2 | xampp/apache/conf | |
| Apache web content directory (by default) | /var/www/html | xampp/htdocs | |
Free form text here!
<?php
// Time a short loop that prints ten lines
$start=microtime(true);
for ($i=0;$i<10;$i++) {
    print "i=$i\n";
}
$elapsed=microtime(true)-$start;
print "Elapsed=$elapsed seconds";
?>
More text down here!

In your VM, move the index.html in your Apache web content directory out of the way, and make a file named "index.php" with something simple like this:

Welcome:
<?php
print "PHP works! ";
?>

<?php
// Connect to the local MySQL "webstore" database through PDO
$dsn = "mysql:host=localhost;dbname=webstore;charset=utf8";
$user="storemaster"; // database user
$pass="LMAO"; // database password
$conn=new PDO($dsn,$user,$pass);
// Throw an exception on any SQL error instead of failing silently
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
print "<p>DB connection established.";
$sql="SELECT * FROM customers";
foreach ($conn->query($sql) as $row) {
    echo "<p>Customer: ID $row[0], name $row[1], addr $row[2]";
}
?>

You can also send CGI parameters to a PHP script, and extract them via the $_REQUEST array. For example, if you add "?

<?php
// Escape the parameter before printing it back into the HTML page
print "The value of foo='" . htmlspecialchars($_REQUEST["foo"]) . "'.";
?>

$sql="SELECT * FROM customers WHERE name='" . $_REQUEST["name"] . "'";

Then suddenly somebody clever can add CGI parameters (or POST parameters, or a cookie, etc) that end the quote much too early, like:

injectable.php?name=%27%20OR%201=1%20OR%20name=%27

This is the URL escaped version of:

' OR 1=1 OR name='

Which when stuck together with the original query gives:

SELECT * FROM customers WHERE name='' OR 1=1 OR name=''

Because 1=1 on every row, this displays the whole customer database.

injectable.php?name='; UPDATE customers SET address="yup" WHERE id=1;

And it gets worse:

The fix is to prepare the query with a placeholder instead of pasting the parameter into the SQL string:

$query=$conn->prepare( "SELECT * FROM customers WHERE name=:name" );
$query->execute(array( ":name" => $_REQUEST["name"] ));
foreach ($query as $row) {
    echo "<p>Customer: ID $row[0], name $row[1], addr $row[2]";
}

The ":name" business is a placeholder used during prepare, and substituted during the execute. Crucially, PDO can parse and validate the request before substitution, and then systematically escape the parameters as strings during execution. It's only a tiny amount of additional code, and it doesn't hand the whole database over to anybody smart enough to be able to modify the URL bar in their browser!

Welcome to the store:
<?php
$dsn = "mysql:host=localhost;dbname=webstore;charset=utf8;";
$user = "storemaster";
$pass = "LMAO";
$conn=new PDO($dsn,$user,$pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
print "<p>DB connection established.";
// The SQL text is fixed; the request parameter is only ever bound as a value
$query=$conn->prepare( "SELECT * FROM customers WHERE name=:name" );
$query->execute(array( ":name" => $_REQUEST["name"] ));
foreach ($query as $row) {
    echo "<p>Customer: ID $row[0], name $row[1], addr $row[2]";
}
echo "<p>Store done";
?>

See Shar & Tan 2013 for paper-length details on countermeasures against SQL injection. (It's this week's CS 693 paper.)
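
The concatenated and prepared query patterns above, run side by side on the same inputs, as an added example that is not part of the original notes. It assumes PHP's pdo_sqlite driver and a constructed in-memory customers table in place of the MySQL webstore database; the function names lookup_concat and lookup_prepared are hypothetical.

```php
<?php
// Added example (not from the original page): the page's injection string run
// against a constructed in-memory SQLite table instead of the MySQL webstore.
$conn = new PDO("sqlite::memory:");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, address TEXT)");
$conn->exec("INSERT INTO customers (name, address) VALUES
    ('alice', '1 Example St'), ('bob', '2 Example Ave'), ('carol', '3 Example Rd')");

// Vulnerable pattern from the page: the parameter is pasted into the SQL text.
function lookup_concat(PDO $conn, string $name): array {
    $sql = "SELECT * FROM customers WHERE name='" . $name . "'";
    return $conn->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed pattern from the page: the SQL text is constant, the value is bound.
function lookup_prepared(PDO $conn, string $name): array {
    $query = $conn->prepare("SELECT * FROM customers WHERE name=:name");
    $query->execute(array(":name" => $name));
    return $query->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs; the second is what PHP decodes the page's URL-escaped
// parameter into before it reaches $_REQUEST["name"].
$inputs = array(
    "ordinary name" => "bob",
    "page's payload" => rawurldecode("%27%20OR%201=1%20OR%20name=%27"),
    "name with apostrophe" => "O'Brien",
);

foreach ($inputs as $label => $name) {
    try {
        $concat = count(lookup_concat($conn, $name)) . " row(s)";
    } catch (PDOException $e) {
        // A stray quote changes the query's syntax, so it no longer parses.
        $concat = "SQL error";
    }
    $prepared = count(lookup_prepared($conn, $name)) . " row(s)";
    printf("%-22s concatenated: %-10s prepared: %s\n", $label, $concat, $prepared);
}
?>
```

For the payload, the concatenated lookup returns every customer while the prepared lookup returns none, because no customer has that literal string as a name. With the MySQL driver, PDO emulates prepares by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the server parse the statement before any value is bound.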