Web Security: PHP Exploits, SQL Injection & Slowloris

Table of Contents:

  1. Introduction to Web Security
  2. Overview of SQL Injection Attacks
  3. Setting up MySQL with Row-Level Security
  4. PHP and MySQL Integration Basics
  5. Demonstrations of SQL Injection Exploits
  6. Understanding HTTP Protocol and Requests
  7. The Slowloris Attack on Web Servers
  8. Mitigation Techniques for Web Server Attacks
  9. Best Practices in Secure Web Development
  10. Summary and Further Reading

Introduction to Web Security: PHP Exploits, SQL Injection, and Slowloris Attack

This PDF, authored by Avi Kak and titled Computer and Network Security Lecture 27, offers an in-depth exploration of web security issues focusing on PHP exploits, SQL injection attacks, and the Slowloris attack on web servers. It aims to equip IT professionals, students, and system administrators with practical knowledge and a foundational understanding of how these attacks are conducted and how to mitigate them.

The content walks readers through concepts like dynamic webpage creation using PHP coupled with MySQL, the mechanisms behind exploits targeting these technologies, and the nature of denial-of-service attacks exemplified by Slowloris. This comprehensive guide combines theoretical explanation with real-world examples, including executable scripts and server configurations, enabling learners to recognize vulnerabilities and implement robust protections. Additionally, the material stresses the importance of strict input validation and server configuration best practices, critical for preventing exploitation of server resources.

Topics Covered in Detail

  • Overview of PHP's role in dynamic web content generation and interaction with MySQL databases
  • Construction and common vulnerabilities of PHP scripts interacting with databases
  • Introduction and detailed explanation of SQL injection techniques and their impact on data integrity
  • Implementation and demonstration of SQL injection using a sample PHP script and MySQL setup
  • Analysis of the Slowloris attack, including the HTTP request structure that makes the attack feasible
  • Description of the Slowloris Perl script and guidance on safe experimentation in controlled environments
  • Best practices for securing web servers against malicious requests and attacks
  • Concepts of row-level database security and why it matters in protecting sensitive data
  • Overview of HTTP request headers and their role in network communication and attack vectors
  • Real-world advice on detecting, mitigating, and responding to PHP and network-level attacks

Key Concepts Explained

1. PHP and MySQL Integration for Web Servers

PHP is a widely used server-side scripting language that facilitates the creation of dynamic web pages by interacting with backend databases such as MySQL. This integration allows webpages to be customized for users by fetching and displaying stored data on demand. The PDF explains this interaction through a sample HTML form and a PHP script (RetrieveFromMySQL.php) that queries a MySQL database based on user credentials. It highlights how user inputs reach the server and can be vulnerable if not properly sanitized, laying the foundation for understanding SQL injection exploits 46, 45, 44.

2. SQL Injection Attacks

SQL injection is a technique where attackers insert malicious SQL code into user input fields, tricking the backend database into executing unauthorized commands. The document presents a simple PHP+SQL example demonstrating how weak input validation allows an attacker to alter queries and extract sensitive data or damage the database. It refers to best practices such as rigorous input checking and restricting database privileges to mitigate these risks 51, 46.

3. The Slowloris Attack

Discovered in 2009 by Robert Hansen, Slowloris is a denial-of-service attack that exploits how web servers handle incomplete HTTP requests. By sending numerous partial HTTP GET requests that never complete, an attacker exhausts the server’s connection capacity, preventing legitimate users from accessing services. The PDF describes how HTTP headers and syntax (such as CRLF line terminators) play into this attack and provides a Perl script for experimentation in controlled environments 54, 55.

4. HTTP Protocol and Request Construction

Understanding HTTP’s structure is critical for grasping web attacks. The PDF covers HTTP/1.0 and HTTP/1.1 request formats, emphasizing the syntax of GET requests and headers. It explains how each line ends with CRLF sequences (carriage return and line feed characters), which are key to protocol compliance and exploitation vectors like Slowloris. This fundamental knowledge aids in recognizing malicious request patterns and configuring servers to defend against abnormal traffic 55.

5. Row-Level Security in Databases

The concept of row-level security is crucial for protecting sensitive data by limiting user access to relevant database rows only. Illustrated through a bank account example, the PDF stresses its importance in multi-user environments where data segregation prevents unauthorized access. Implementing row-level security complements defenses against injection attacks by enforcing strict access policies even if an attacker manages to bypass other controls 27.

Practical Applications and Use Cases

Understanding these concepts practically enhances cybersecurity measures for web developers, administrators, and security practitioners. Specifically:

  • Secure Web Development: Developers can build web applications that safely interact with databases by applying strict input validation and employing prepared statements to prevent SQL injection. For example, sanitizing username and password inputs before using them in SQL queries shields databases from manipulation 46.

  • Server Hardening: Network administrators can configure web servers (such as Apache) to limit concurrent connections and detect or block slow HTTP requests, thwarting Slowloris-like denial-of-service attempts. Testing with scripts such as slowloris.pl in isolated networks helps explore server limits without risking live environment stability 54, 55.

  • Database Access Control: Deploying row-level security policies in MySQL databases restricts users to authorized data, minimizing damage if an exploit is successful. This can be vital for financial applications or multi-tenant platforms handling confidential data 27.

  • Incident Response and Penetration Testing: Security teams can use the understanding of PHP exploits and SQL injection techniques to simulate attacks during audits, identifying weak spots. This facilitates proactive patching and implementation of Web Application Firewalls (WAFs) or intrusion prevention systems.

Glossary of Key Terms

  • PHP (Hypertext Preprocessor): A server-side scripting language used to create dynamic webpages that interact with databases.
  • MySQL: An open-source relational database management system commonly used as a backend for web applications.
  • SQL Injection: A hacking technique where malicious SQL code is inserted into a query, compromising database security.
  • Slowloris: A denial-of-service attack exploiting incomplete HTTP requests, exhausting server connections.
  • HTTP Headers: Metadata in HTTP requests/responses that provide information about the communication.
  • CRLF (Carriage Return + Line Feed): Characters marking the end of a line in HTTP protocol syntax.
  • Row-Level Security: Database feature that restricts a user’s access to specific rows within tables to enhance data privacy.
  • PDO (PHP Data Objects): A PHP extension providing a consistent interface to access databases securely using prepared statements.
  • DoS (Denial of Service): An attack designed to make a service unavailable to legitimate users by overwhelming server resources.
  • Mod-Security: An open-source web application firewall used to protect servers from various attacks including injection and DoS attempts.

Who is this PDF for?

This PDF is designed for a broad audience involved with or interested in web and network security, including:

  • Students and Learners: Those pursuing computer science or cybersecurity education will find this a practical resource for understanding web server vulnerabilities and defenses.
  • Web Developers: Software engineers and web developers benefit by learning how to write secure PHP code and avoid common pitfalls that expose websites to attacks.
  • Sysadmins and Network Engineers: Professionals managing web server infrastructure will gain insights on monitoring and protecting servers from popular denial-of-service and injection attacks.
  • Security Analysts and Penetration Testers: This content supports ethical hackers in understanding attack vectors and strengthening security postures through simulated exploits and best practice countermeasures.
  • Educators: Teachers and trainers may use this as a lecture supplement or reference material highlighting real-world risks and mitigation strategies.

The comprehensive nature of the material and practical code examples make it highly useful for anyone seeking hands-on knowledge in defending web environments from typical threats.

How to Use this PDF Effectively

For best results:

  • Follow Along Practically: Try out the provided PHP scripts and database configurations in isolated, controlled environments to observe vulnerabilities firsthand.
  • Experiment Safely: Use tools like the Slowloris Perl script only on your own test servers to prevent legal or ethical violations.
  • Study Incrementally: Begin with understanding PHP-MySQL integration, then move to attack methods and finally defense techniques to build layered knowledge.
  • Apply Security Principles: Incorporate secure coding standards and server hardening steps immediately in your projects to reinforce learning with practice.
  • Engage in Discussions: Join cybersecurity forums or study groups to clarify doubts and share findings relating to web exploits and protections.

This approach ensures you deeply internalize concepts and translate them into effective security measures in professional or personal projects.

FAQ – Frequently Asked Questions

What is the Slowloris attack and how does it work? The Slowloris attack is a type of Denial of Service (DoS) aimed at web servers. It works by sending incomplete HTTP requests that are just long enough to keep the server's connections open. The server waits for the requests to complete, holding resources for each partial request. If an attacker opens many such connections simultaneously and keeps them alive, the server's capacity to handle legitimate requests is exhausted, potentially bringing the web server down. This exploit targets the concurrency limits of a server without flooding the network with traffic.

How does HTTP request syntax relate to the Slowloris attack? HTTP requests, especially GET requests, must follow a strict syntax that includes properly formatted headers and line terminators (CRLF sequences). Slowloris exploits this by sending headers slowly or partially, never completing the request, causing the server to keep open connections waiting for completion. Understanding HTTP 1.0 and 1.1 header rules and how clients communicate with servers is key to grasping how Slowloris keeps server threads tied up.

What is an SQL injection attack, and why is it dangerous? SQL injection attacks occur when unsanitized user input is embedded directly into SQL queries, allowing attackers to manipulate or execute unintended commands. This can lead to unauthorized access, data leakage, or even deletion of entire tables. The root cause is treating user input as code instead of data, effectively breaking the boundary between commands and data in SQL syntax. Proper input validation and use of parameterized queries are essential defenses.

How can PHP and MySQL be vulnerable to SQL injection? In web applications where PHP scripts accept user input to authenticate users or perform database queries, if these inputs are directly concatenated into SQL commands without filtering, attackers can inject SQL code through specially crafted inputs. For example, when a PHP script receives username and password via GET requests and uses them to establish database connections or query tables without sanitation, it can be exploited to run arbitrary SQL commands.

What measures can you take to protect against SQL injection? The most effective measures include rigorous input validation, escaping potentially dangerous characters, and using prepared statements or parameterized queries through database APIs like PDO in PHP. Limiting database privileges for web application users and avoiding direct concatenation of user inputs into SQL commands also help reduce risk. Regular security audits and staying updated with best practices are important too.

Exercises and Projects

The document mostly provides conceptual explanations, examples, and a few demonstration scripts but does not include formal exercises or projects. Based on the content, here are suggested projects with detailed steps:

Project 1: Experiment with the Slowloris Attack in a Controlled Environment

  • Set up an Apache web server on a dedicated machine or virtual environment.
  • Obtain the Slowloris Perl script (available from archived resources).
  • Run the Slowloris attack from a different machine targeting your server within the same local network.
  • Monitor the web server’s resource usage and responsiveness during the attack.
  • Then, implement mitigation strategies such as configuring server timeouts or using modules like mod_reqtimeout to defend against Slowloris.
  • Document your observations and compare server performance before and after applying defenses.

Project 2: Build a Simple PHP User Authentication System Vulnerable to SQL Injection

  • Create a MySQL database named Manager_db with a table Maintenance_Schedule restricting rows per user.
  • Develop an HTML form requesting username and password and a PHP script to connect to the database and query user data using these inputs without sanitation.
  • Try injecting SQL commands through the form fields to understand how injection happens.
  • Redesign the PHP code to use PDO prepared statements with parameter binding for secure queries.
  • Test the system for injection prevention and document the differences.

Project 3: Coding a Secure PHP & MySQL Interaction Module

  • Using the example PHP script, enhance the authentication system by adding input validation and proper error handling.
  • Introduce HTTPS for secure data transmission and prevent credentials from being sent in clear text.
  • Implement session management in PHP to maintain login state after authentication.
  • Include logging to track failed login attempts and potential attack patterns.
  • Test the system’s resilience to common web attacks beyond SQL injection, such as XSS or CSRF.

These projects not only solidify understanding of the theoretical material but also equip you with practical skills in web security, database interaction, and attack mitigation.

Last updated: October 22, 2025

Author: Avinash Kak, Purdue University
Pages: 71
Downloads: 4,278
Size: 418.92 KB

Related Online Tutorials

Explore Categories

Similar Courses