{"id":499,"date":"2015-08-17T00:12:48","date_gmt":"2015-08-16T21:12:48","guid":{"rendered":"https:\/\/furkansandal.com\/php-scriptlerde-sqli-tespiti-ve-exploit-etme\/"},"modified":"2015-08-17T00:12:48","modified_gmt":"2015-08-16T21:12:48","slug":"php-scriptlerde-sqli-tespiti-ve-exploit-etme","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/php-scriptlerde-sqli-tespiti-ve-exploit-etme\/","title":{"rendered":"PHP Scriptlerde SQLi Tespiti ve Exploit Etme"},"content":{"rendered":"<div id=\"post-body-1953119022558697238\" itemprop=\"articleBody\" readability=\"175.341586074\">\n<div class=\"tr_bq\" readability=\"7\">\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-uLSkF0sL5qQ\/UcHyIMe7D7I\/AAAAAAAAJeA\/E-aMajqT7jA\/s1600\/Bug-hunting-microsoft.jpg?resize=200%2C195\" height=\"195\" width=\"200\" data-recalc-dims=\"1\" \/><\/div>\n<p>N\u015eA&#8217;da PHP scriptler \u00fczerinde iki y\u00f6ntem ile zafiyet ara\u015ft\u0131rmalar\u0131 yap\u0131labilir.<\/p><\/div>\n<p><\/p>\n<ol>\n<li>Manuel Ara\u015ft\u0131rma<\/li>\n<li>Otomatik Taramalarla<\/li>\n<\/ol>\n<p>\nBiz bu makalede iki y\u00f6ntemi de kullanarak <u>temel anlamda<\/u> PHP scriptlerde zafiyetler (SQLi, XSS, RCE, LFI vb.) nas\u0131l ke\u015ffedilir ve nas\u0131l exploit (s\u00f6m\u00fcrme) edilebilir bunlara de\u011finece\u011fiz.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_55 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-662f04c65abcf\" ><span class=\"\"><span style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input aria-label=\"Toggle\" aria-label=\"item-662f04c65abcf\"  type=\"checkbox\" id=\"item-662f04c65abcf\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/furkansandal.com\/php-scriptlerde-sqli-tespiti-ve-exploit-etme\/#SQL_Injection_Nedir\" title=\"\nSQL Injection Nedir?\">\nSQL Injection Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/furkansandal.com\/php-scriptlerde-sqli-tespiti-ve-exploit-etme\/#RIPS_Kurulumu_ve_Kullanimi\" title=\"\nRIPS Kurulumu ve Kullan\u0131m\u0131\">\nRIPS Kurulumu ve Kullan\u0131m\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/furkansandal.com\/php-scriptlerde-sqli-tespiti-ve-exploit-etme\/#Diger_SQL_Injection%E2%80%99dan_Korunma_Yontemleri\" title=\"\nDi\u011fer SQL Injection&#8217;dan Korunma Y\u00f6ntemleri\">\nDi\u011fer SQL Injection&#8217;dan Korunma Y\u00f6ntemleri<\/a><\/li><\/ul><\/nav><\/div>\n<h4><span class=\"ez-toc-section\" id=\"SQL_Injection_Nedir\"><\/span>\nSQL Injection Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Web uygulamalar\u0131nda bir\u00e7ok i\u015flem i\u00e7in kullan\u0131c\u0131dan al\u0131nan veri ile dinamik SQL c\u00fcmlecikleri olu\u015fturulur. \u00d6rne\u011fin; &#8220;<i>SELECT * FROM Products<\/i>&#8221; \u00f6rnek SQL c\u00fcmleci\u011fi basit \u015fekilde veritaban\u0131ndan web uygulamas\u0131na t\u00fcm \u00fcr\u00fcnleri d\u00f6nd\u00fcrecektir. Bu SQL c\u00fcmlecikleri olu\u015fturulurken araya s\u0131k\u0131\u015ft\u0131r\u0131lan herhangi bir meta-karakter SQL Injection&#8217;a neden olabilir.<\/p>\n<p>\u00d6ncelikle \u00f6rnek olmas\u0131 a\u00e7\u0131s\u0131ndan SQL Injection a\u00e7\u0131\u011f\u0131 bar\u0131nd\u0131ran bir betik ile ba\u015flayal\u0131m.<br \/>\nBeti\u011fimizin g\u00f6revi; \u00fcye id&#8217;sine g\u00f6re veritaban\u0131ndan o id&#8217;ye sahip \u00fcyenin bilgilerini ekrana yazd\u0131rmaktad\u0131r.<\/p>\n<p><b>sqli<\/b> isimli bir veritaban\u0131 olu\u015fturdum ve i\u00e7inde <b>uye <\/b>isimli bir tablo mevcut. Tablonun da 4 adet s\u00fctunu var. S\u00fctunlar: <b>id, username, password, email<\/b><br \/>Son olarak da i\u00e7ine \u00f6rnek birka\u00e7 adet veri giri\u015fi yapt\u0131m:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/3.bp.blogspot.com\/-CzMN1R8ykbc\/U3NNTldz10I\/AAAAAAAAAxQ\/WJfsAqlGiyY\/s1600\/sqli-researching1.png?resize=640%2C443\" height=\"443\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nBeti\u011fimizi olu\u015fturan <b>uye.php<\/b> dosyas\u0131n\u0131n kodlar\u0131 a\u015fa\u011f\u0131daki gibidir:<\/p>\n<blockquote><p>\n&lt;?php\u00a0<\/p><\/blockquote>\n<blockquote><p>\n$baglan = mysql_pconnect(&#8220;localhost&#8221;,&#8221;root&#8221;,&#8221;123456&#8243;); \u00a0 \u00a0\/ veritaban\u0131na ba\u011flan\u0131yoruz<br \/>$baglan = mysql_select_db(&#8220;sqli&#8221;,$baglan); \u00a0 \u00a0\/ olu\u015fturdu\u011fumuz veritaban\u0131m\u0131z\u0131 se\u00e7iyoruz<\/p><\/blockquote>\n<blockquote><p>\n<span style=\"color: red;\"><b>$id = $_GET[&#8220;id&#8221;];<br \/>$sorgu = &#8220;SELECT * FROM uye WHERE id=&#8221;.$id;<\/b><\/span><br \/>$cek = mysql_fetch_object(mysql_query($sorgu));\u00a0<\/p><\/blockquote>\n<blockquote><p>\necho &#8216;Olusan Sorgu: &#8216;.$sorgu.&#8221;&lt;br&gt;&#8221;;<br \/>echo $cek-&gt;username.&#8221;&lt;br&gt;&#8221;.$cek-&gt;email;\u00a0<\/p><\/blockquote>\n<blockquote><p>\n?&gt;<\/p><\/blockquote>\n<p>Bu beti\u011fi SQL Injection&#8217;a u\u011fratan kod k\u0131s\u0131mlar\u0131n\u0131 k\u0131rm\u0131z\u0131 renkle vurgulayarak g\u00f6sterdim..<br \/>\nB\u00f6yle bir kod yaz\u0131m\u0131 g\u00f6stere g\u00f6stere SQL Injection zafiyetine zemin olu\u015fturmaktad\u0131r. Zafiyete neden olan\u00a0<b>id=<\/b>\u00a0query stringinin filtrelenmeden dinamik sql sorgusuyla birle\u015ftirilmesidir.<\/p>\n<p>Manuel yolla ve genel olarak PHP scriptlerde SQL Injection zafiyetini yukar\u0131daki kod \u00f6rne\u011findeki gibi tespitini yapabiliriz. Yani dinamik sorgu c\u00fcmleciklerine ve hangi y\u00f6ntemlerle sorgu \u00e7ekildiklerine odaklan\u0131lmal\u0131d\u0131r.<\/p>\n<p>uye.php \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda g\u00f6r\u00fcld\u00fc\u011f\u00fc gibi 1 id&#8217;sindeki bilgiler yani benim bilgilerim ekrana yazd\u0131r\u0131ld\u0131:<br \/><img decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/3.bp.blogspot.com\/-EpKlcdBAhEo\/U3Ndo9bYEjI\/AAAAAAAAAxk\/vG_txNsFGQM\/s1600\/sqli-researching2.png\" data-recalc-dims=\"1\" \/><br \/>\nFakat zay\u0131f bir kod yaz\u0131m \u015fekli kulland\u0131\u011f\u0131m\u0131z i\u00e7in \u015fimdi bunu SQL Injection sald\u0131r\u0131s\u0131na u\u011fratal\u0131m, nas\u0131l m\u0131? id=1 ifadesinden sonra <span style=\"color: red;\"><b>&#8216;<\/b><\/span> (tek t\u0131rnak) meta-karakterini kullanarak:<br \/><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/3.bp.blogspot.com\/-S5E3MswuCHw\/U3NgHdICGVI\/AAAAAAAAAxw\/sEbGCHQOIGE\/s1600\/sqli-researching3.png?resize=640%2C176\" height=\"176\" width=\"640\" data-recalc-dims=\"1\" \/><\/p>\n<p>Sayfa <i><b>Warning: mysql_fetch_object()&#8230;<\/b><\/i> hatas\u0131 verdi! \u015eimdi s\u0131ra geldi bunu s\u00f6m\u00fcrmeye yani exploit etmeye \ud83d\ude42 Veritaban\u0131ndan hassas veriyi s\u0131zd\u0131r\u0131yoruz:<br \/><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-6PMUy0Jkwwc\/U3NmNrRyrbI\/AAAAAAAAAyA\/R4M9eMxnZ1w\/s1600\/sqli-researching4.png?resize=640%2C180\" height=\"180\" width=\"640\" data-recalc-dims=\"1\" \/><br \/>G\u00f6r\u00fcld\u00fc\u011f\u00fc gibi bilgiler ekrana yans\u0131d\u0131:<br \/><i>username: <b>ismailsaygili<\/b><\/i><br \/><i>password: <b>iso123<\/b><\/i><\/p>\n<p>Ayn\u0131 exploiting i\u015flemini bir de otomatize ara\u00e7 olan <b>SQLMap<\/b> ile exploit edelim:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-wWUVxHZIT_g\/U3N3jn6_mMI\/AAAAAAAAAyQ\/O8xkllIhFN4\/s1600\/sqli-researching5.png?resize=640%2C420\" height=\"420\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nScript \u00fczerinde manuel y\u00f6ntemle SQL Injection zafiyetini ke\u015ffetmi\u015ftik, \u015fimdi de otomatik olarak <b>RIPS<\/b> yaz\u0131l\u0131m\u0131 arac\u0131l\u0131\u011f\u0131yla PHP scriptler \u00fczerinde zafiyet ara\u015ft\u0131rmas\u0131 yapal\u0131m. Bu arada RIPS; PHP i\u00e7in statik kodlarda zafiyet analizi yapan bir yaz\u0131l\u0131md\u0131r.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"RIPS_Kurulumu_ve_Kullanimi\"><\/span>\nRIPS Kurulumu ve Kullan\u0131m\u0131<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>RIPS hi\u00e7 bir kurulum gerektirmez! Tak-\u00c7al\u0131\u015ft\u0131r mant\u0131\u011f\u0131 \ud83d\ude42<\/p>\n<p>\u00d6ncelikle RIPS&#8217;i <b>buradan<\/b> indirelim. <b>rips<\/b> klas\u00f6r\u00fcn\u00fc localhost&#8217;unuza kopyalay\u0131n ve web taray\u0131c\u0131n\u0131zla ilgili URL&#8217;e gidin:<br \/><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/4.bp.blogspot.com\/-eo7Vgrw6Vps\/U3N9yF7g9FI\/AAAAAAAAAyo\/Kr4iTd8zG9Y\/s1600\/sqli-researching6.1.png?resize=640%2C324\" height=\"324\" width=\"640\" data-recalc-dims=\"1\" \/><\/p>\n<p><i>1. Ad\u0131mda:<\/i> Taramak istedi\u011finiz PHP scriptin klas\u00f6r yolu belirtilir. Ben yukar\u0131da \u00f6rne\u011fini yapt\u0131\u011f\u0131m\u0131z beti\u011fin klas\u00f6r yolunu yazd\u0131m, \u00e7\u00fcnk\u00fc \u015fuan onu tarayaca\u011f\u0131z.<\/p>\n<p><i>2. Ad\u0131mda:<\/i> Zafiyet tipi se\u00e7ilir. Ben SQL Injection zafiyetini se\u00e7tim.<\/p>\n<p><i>3. Ad\u0131mda:<\/i> subdirs&#8217;i se\u00e7ersek belirtti\u011finiz klas\u00f6r yolunun alt klas\u00f6rleri de taranacakt\u0131r.<\/p>\n<p><i>4. Ad\u0131mda:<\/i> Son olarak scan butonuna basarak taramay\u0131 ba\u015flat\u0131yoruz.<\/p>\n<p>Ben taramam\u0131 yapt\u0131m ve sonu\u00e7 bu \u015fekilde:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-PxZr7GDLRIA\/U3OC_jiL2KI\/AAAAAAAAAy0\/Z7xGtUj6h08\/s1600\/sqli-researching7.png?resize=640%2C264\" height=\"264\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nG\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere RIPS, 7. sat\u0131rda SQL Injection zafiyeti tespit etti. Yukar\u0131da biz manuel denetim yaparken ke\u015ffettik hat\u0131rlad\u0131n\u0131z m\u0131? \ud83d\ude42<\/p>\n<p><b><span style=\"color: blue;\">Hocam zay\u0131f kodu payla\u015ft\u0131n\u0131z, peki bu kodun g\u00fcvenli hali nas\u0131l yaz\u0131l\u0131r?<\/span><\/b><br \/><b>G\u00fcvenli Kod 1:<\/b><\/p>\n<blockquote class=\"tr_bq\" readability=\"8\"><p>\n&lt;?php<\/p>\n<p>$baglan = mysql_pconnect(&#8220;localhost&#8221;,&#8221;root&#8221;,&#8221;123456&#8243;);<br \/>$baglan = mysql_select_db(&#8220;sqli&#8221;,$baglan);\u00a0<\/p>\n<\/blockquote>\n<blockquote class=\"tr_bq\"><p>\n<b><span style=\"color: red;\">$id = (int) intval($_GET[&#8220;id&#8221;]);<\/span><\/b><span class=\"Apple-tab-span\" style=\"white-space: pre;\"> <\/span><b>\/\/ de\u011fi\u015fken tipi belirlenerek integer korumas\u0131 sa\u011fland\u0131<\/b><br \/>$sorgu = &#8220;SELECT * FROM uye WHERE id=&#8221;.$id;<br \/>$cek = mysql_fetch_object(mysql_query($sorgu));\u00a0<\/p><\/blockquote>\n<blockquote class=\"tr_bq\"><p>\necho &#8216;Olusan Sorgu: &#8216;.$sorgu.&#8221;&lt;br&gt;&#8221;;<br \/>echo $cek-&gt;username.&#8221;&lt;br&gt;&#8221;.$cek-&gt;email;<\/p>\n<p>?&gt;<\/p>\n<\/blockquote>\n<p><b>id<\/b> de\u011fi\u015fkeninin tipini belirleyerek integer korumas\u0131 sa\u011flam\u0131\u015f olduk. Yani sald\u0131rgan\u00a0<i>http:\/\/localhost\/sqli\/uye.php?id=1<\/i> URL&#8217;inden sonra tek t\u0131rnak meta-karakterini ekledi\u011finde amac\u0131na ula\u015famayacakt\u0131r \u00e7\u00fcnk\u00fc<b> id=<\/b> query&#8217;sinden sonra sadece integer de\u011ferler kabul edilecektir. String yani karakter dizileri kabul edilemeyecektir.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-riLGjyf-tvg\/U3OGhwvp6TI\/AAAAAAAAAy8\/XJ-VVwRi2Dc\/s1600\/sqli-researching8.png?resize=640%2C176\" height=\"176\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>G\u00f6rd\u00fc\u011f\u00fcn\u00fcz gibi kullan\u0131c\u0131 ad\u0131 ve \u015fifreyi veritaban\u0131ndan \u00e7ekemiyoruz \ud83d\ude41<\/p>\n<p>SQL Injection&#8217;dan korunma tabi ki sadece bununla s\u0131n\u0131rl\u0131 de\u011fildir.. \u00d6rne\u011fin id de\u011fi\u015fkeni\u00a0<i>mysql_real_escape_string<\/i>\u00a0fonksiyonu i\u00e7ine al\u0131narak SQL sorgular\u0131 i\u00e7in zararl\u0131 olabilecek karakterlerin ba\u015f\u0131na <b><span style=\"color: red;\"><\/span><\/b> ekler.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Diger_SQL_Injection%E2%80%99dan_Korunma_Yontemleri\"><\/span>\nDi\u011fer <span style=\"color: red;\">SQL Injection&#8217;dan Korunma Y\u00f6ntemleri<\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>Web uygulamalar\u0131nda SQL Injection sald\u0131r\u0131s\u0131 yapmakta kullan\u0131lan komut ve karakterlerin ge\u00e7i\u015fi engellenmelidir. Veri giri\u015finin filtrelenmesi kadar veri \u00e7\u0131k\u0131\u015f\u0131n\u0131n da incelenmesi web uygulaman\u0131n g\u00fcvenli\u011fini artt\u0131racakt\u0131r.<\/li>\n<li>A\u015fa\u011f\u0131da belirtilen karakterlerin filtrelenmesi web uygulaman\u0131n SQL Injection ve olas\u0131 di\u011fer sald\u0131r\u0131lara kar\u015f\u0131 g\u00fcvenli\u011fini sa\u011flayacakt\u0131r:<\/li>\n<ul>\n<li><b>[&#8216;],[&lt;],[&gt;],[;],[\/],[?],[=],[&amp;],[#],[%],[],[],[|],[@],[],[union],[exec],[select],[insert], [update],[delete],[drop],[sp],[xp],[&#8220;]<\/b><\/li>\n<\/ul>\n<li>Veritaban\u0131 Ba\u011flant\u0131lar\u0131n\u0131n Yetkilerinin D\u00fc\u015f\u00fcr\u00fclmesi<\/li>\n<ul>\n<li>Web uygulaman\u0131n veritaban\u0131na ba\u011flan\u0131p kay\u0131tlar\u0131 okurken ve yazarken kulland\u0131\u011f\u0131 hesab\u0131n yetkilerinin minimumda tutulmas\u0131 olas\u0131 SQL Injection sald\u0131r\u0131s\u0131n\u0131n zararlar\u0131n\u0131 azaltacakt\u0131r.<\/li>\n<\/ul>\n<li>Hata Mesajlar\u0131n\u0131n Engellenmesi<\/li>\n<ul>\n<li>Sald\u0131rganlar\u0131n hata mesajlar\u0131ndan bilgi almas\u0131n\u0131 engellemek i\u00e7in hata mesajlar\u0131n\u0131n g\u00f6r\u00fcnt\u00fclenmesini engellemek sistemi daha g\u00fcvenli hale getirecektir.<\/li>\n<\/ul>\n<li>SA Hesab\u0131n\u0131n Korunmas\u0131<\/li>\n<ul>\n<li>MS SQL sunucu \u00fczerinde bulunan SA hesab\u0131n\u0131n g\u00fc\u00e7l\u00fc bir \u015fifreye sahip olmas\u0131 brute-force sald\u0131r\u0131na kar\u015f\u0131 sistemin g\u00fcvenli\u011fini artt\u0131rmak i\u00e7in gerekli etkenlerden biridir. Web uygulamalar\u0131n\u0131n SA hesab\u0131 ile veritaban\u0131na ba\u011flanmas\u0131n\u0131 engellemeliyiz! Olas\u0131 SQL Injection sonucu sald\u0131rgan\u0131n SA yetkilerinde kod \u00e7al\u0131\u015ft\u0131rabilece\u011fini unutmay\u0131n\u0131z.<\/li>\n<\/ul>\n<li>Kaynak Kodlar\u0131n Kontrol Edilmesi<\/li>\n<ul>\n<li>Web uygulamalar\u0131n\u0131n kaynak kodlar\u0131n\u0131n olas\u0131 sald\u0131r\u0131lara kar\u015f\u0131 denetlenmesi gerekmektedir. \u00d6zellikle kullan\u0131c\u0131n\u0131n veri giri\u015fine m\u00fcsade edilen alanlar ve URL alan\u0131nda yap\u0131labilecek de\u011fi\u015fikliklere kar\u015f\u0131 filtrelemelerin uygulanmas\u0131n\u0131 sa\u011flamal\u0131y\u0131z.<\/li>\n<\/ul>\n<li>Veritaban\u0131ndaki Kay\u0131tlar\u0131n \u015eifrelenmesi<\/li>\n<ul>\n<li>\u00d6zellikle kullan\u0131c\u0131lar\u0131n \u015fifrelerinin tutuldu\u011fu alanlar\u0131n \u015fifrelenerek veritaban\u0131na yaz\u0131lmas\u0131 olas\u0131 veritaban\u0131ndaki bilgilere ula\u015f\u0131lmas\u0131 durumuna kar\u015f\u0131 ekstra g\u00fcvenlik sa\u011flayacakt\u0131r.<\/li>\n<\/ul>\n<li>Yaz\u0131l\u0131msal veya donan\u0131msal olarak Web Application Firewall (WAF) kullan\u0131m\u0131<\/li>\n<\/ul>\n<p>\nPeki\u015ftirmek a\u00e7\u0131s\u0131ndan bir \u00f6rnek daha yapmak istiyorum.<br \/>\nPHP script olan TopGames v1.2 s\u00fcr\u00fcm\u00fcnde daha \u00f6nceden SQL Injection a\u00e7\u0131\u011f\u0131 ke\u015ffedilmi\u015f (http:\/\/www.exploit-db.com\/exploits\/26405\/).<\/p>\n<p>Haydi bunun sa\u011flamas\u0131n\u0131 RIPS ile tarayarak yapal\u0131m.. sonu\u00e7 ortada:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-GLjRVScTu9Y\/U3OPebHYmRI\/AAAAAAAAAzM\/Yd1CJ4LGRkM\/s1600\/sqli-researching9.png?resize=640%2C402\" height=\"402\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nSQL Injection d\u0131\u015f\u0131nda bir de Cross-Site Scripting (XSS) zafiyeti ke\u015ffettik \ud83d\ude42<\/p>\n<p>play.php dosyas\u0131n\u0131n 4. sat\u0131r\u0131nda SQL Injection zafiyeti (<b>$_GET[&#8220;<span style=\"color: red;\">gid<\/span>&#8220;]<\/b>) ve cat.php dosyas\u0131n\u0131n 4. sat\u0131r\u0131nda (<b>$_GET[&#8220;<span style=\"color: red;\">id<\/span>&#8220;]<\/b>) XSS zafiyeti mevcutmu\u015f.<\/p>\n<p>SQL Injection zafiyetini bu seferde <b>Havij<\/b> ile exploit edelim:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-g0FlUuQtsW0\/U3OSI9FycEI\/AAAAAAAAAzU\/2u2uO8Jttfo\/s1600\/sqli-researching10.png?resize=588%2C640\" height=\"640\" width=\"588\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nBir de buldu\u011fumuz XSS zafiyetini test edelim:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/-7zbk3CfbBRo\/U3OSTx43l3I\/AAAAAAAAAzc\/xzUlon4s8kY\/s1600\/sqli-researching11.png?resize=640%2C296\" height=\"296\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nSonu\u00e7 ba\u015far\u0131l\u0131&#8230;<\/p>\n<p>TopGames scriptinde buldu\u011fumuz XSS zafiyetini Exploit-DB&#8217;ye mi bildirsek ne? \ud83d\ude42<\/p>\n<\/div>\n<p>\n<a href=\"https:\/\/furkansandal.com\">Furkan SANDAL<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>N\u015eA&#8217;da PHP scriptler \u00fczerinde iki y\u00f6ntem ile zafiyet ara\u015ft\u0131rmalar\u0131 yap\u0131labilir. Manuel Ara\u015ft\u0131rma Otomatik Taramalarla Biz bu makalede iki y\u00f6ntemi de&#8230;<\/p>\n","protected":false},"author":1,"featured_media":477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,7,4],"tags":[78,76,88,89,26,83,81,79,82,77,80,84,85,87,86],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/tekno.jpg?fit=480%2C343&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-83","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/499"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=499"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/499\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/477"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}