Beginner's Guides to SQL Injection and Cross-Site Scripting

I'm not in a position where I have to worry much about security, but I often hear about vulnerabilities that we are protecting ourselves from. I just ask the resident systems architect genius and he says, "Yes, we're covered.", and then the security review comes back clean.

However, there are two 'hacks' or vulnerabilities that you can read a lot about on the net these days: SQL Injection and Cross-Site Scripting. I've been aware of both and have read some 'techy' bulletins on them but, not being a true programmer, I usually wait for the next security update or confirm that the right people know about it, and then I move on.

These two vulnerabilities are something everyone should be aware of, even the marketer. Putting a simple web page on your site can actually open your system up to some not-so-good things.

Brandon Wood has done a fantastic job of writing Beginner's Guides on both topics that even you or I can understand:

  • SQL Injection
  • Cross-Site Scripting

5 Comments

  1. 1

    Wow, thanks for the post, Doug. I'm honored... 🙂

    The problem you point out, of not knowing about these kinds of vulnerabilities, is the biggest problem I see. If I show a piece of code to a programmer who doesn't know anything about security and ask them whether it's secure, of course they'll say it's secure - they don't know what they're looking for.

    The real key here is teaching our developers what to look for, and how to fix it. That's the reason behind my two articles.

  2. 2

    This may not be the right place, but I came to point out something important.

    PS: I'd like to let you know about a big problem in WordPress that I was able to find. It's a major hack in WordPress with a threat of 7 / 10. I won't publicize it, but look at my post html-injection-and-being -hacked. Please let other bloggers know about this. I have talked with Matt (WordPress) by email about it.

  3. 3

    Ashish,

    Thanks for letting me know about this - I have upgraded to WordPress 2.0.6. I believe this problem has been taken care of.

    Doug

  4. 4

    Yes, it's gone now. The new version is faster too.

    PS: Can we have a link exchange? Let me know if you like the idea.

  5. 5

    WordPress MySQL web scanner?

    Is there a tool available that can scan an exported MySQL table offline from phpMyAdmin?

    We have a WordPress MySQL database that is known to have had an SQL injection.
