最近做的项目被测试测出了存在存储型XSS,至此记录一下,问题出在了 input 框 :payload:"a" οnclick=alert(1)>
也做了一些XSS过滤,但是不全,有从网上找了一些,弄了一个简单粗暴的;
后台接收 input 框字符串内容,存在被攻击,便整理了一个比较粗暴的方法
//过滤存储型XSS攻击
//过滤存储型XSS攻击public function safe_filter(&$string) { $ra=Array('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','/script/','/javascript/','/vbscript/','/expression/','/applet/','/meta/','/xml/','/blink/','/link/','/style/','/embed/','/object/','/frame/','/layer/','/title/','/bgsound/','/base/','/onload/','/onunload/','/onchange/','/onsubmit/','/onreset/','/onselect/','/onblur/','/onfocus/','/onabort/','/onkeydown/','/onkeypress/','/onkeyup/','/onclick/','/ondblclick/','/onmousedown/','/onmousemove/','/onmouseout/','/onmouseover/','/onmouseup/','/onunload/'); $data=str_replace(array('&','<','>'),array('&','<','>'),$data); if (!get_magic_quotes_gpc()) //不对magic_quotes_gpc转义过的字符使用 addslashes(),避免双重转义。 { $string = addslashes($string); //给单引号(')、双引号(")、反斜线(\)与 NUL(NULL 字符)加上反斜线转义 } $string = preg_replace($ra,'',$string); //删除非打印字符,粗暴式过滤xss可疑字符串 $laststring = htmlentities(strip_tags($string)); //去除 HTML 和 PHP 标记并转换为 HTML 实体 return $laststring;}后来,认为这些太过粗暴,就又整理了一些,以后方便参照:
/*** 过滤html标签,引号,中文空格 */function fileter_str( $str ){ $str = addslashes(trim($str)); $str = preg_replace("/<(.*?)>/","",$str); $str = str_replace("_x000D_","",$str); //替换空格为 //注释上一行因为:导入英语试题会将所有空格去掉 // $str = str_replace(' ','',$str); return $str;}还有:
/** * 过滤html标签,引号,中文空格,换行符 */function fileter_add_str( $str ){$str = str_replace("_x000D_","",$str); //替换空格为$str = str_replace(array("\r\n", "\r", "\n","\t"), "<br />", $str);//替换回车换行$str = str_replace("'", "'", $str);// $str = str_replace(' ','',$str);return $str;}还有这些:
//全角到半角的转换,$str待转换的字符串,$flag标识符,$flag=0半角到全角,$flag=1全角到半角function SBC_DBC($str, $flag) { $DBC = Array(//全角 '0' , '1' , '2' , '3' , '4' , '5' , '6' , '7' , '8' , '9' , 'A','B' , 'C' , 'D' , 'E' , 'F' , 'G' , 'H' , 'I' , 'J' , 'K' , 'L' , 'M' , 'N' , 'O' , 'P' , 'Q' , 'R' , 'S' , 'T' , 'U' , 'V' , 'W' , 'X' , 'Y' , 'Z' , 'a' , 'b' , 'c' , 'd' , 'e' , 'f' , 'g' , 'h' , 'i' , 'j' , 'k' , 'l' , 'm' , 'n' , 'o' , 'p' , 'q' , 'r' , 's' , 't' , 'u' , 'v' , 'w' , 'x' , 'y' , 'z' , '-' , ' ' , ':' , '.' , ',' , '/' , '%' , '#' , '!' , '@' , '&' , '(' , ')' , '<' , '>' , '"' , ''' , '?' , '[' , ']' , '{' , '}' , '\' , '|' , '+' , '=' , '_' , '^' , '¥' , ' ̄' , '`' ); $SBC = Array( // 半角 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '-', ' ', ':', '.', ',', '/', '%', '#', '!', '@', '&', '(', ')', '<', '>', '"', '\'','?', '[', ']', '{', '}', '\\', '|', '+', '=', '_', '^', '$', '~', '`' ); if ($flag == 0) { return str_replace($SBC, $DBC, $str); // 半角到全角 } else if ($flag == 1) { return str_replace($DBC, $SBC, $str); // 全角到半角 } else { return false; }}仅供参考
更多PHP相关知识,请访问PHP教程!
以上就是php 过滤存储型XSS攻击的详细内容,更多请关注求知技术网其它相关文章!
Viagra Andorre – generic name for cialis Cialis En Linea Nmuynu Rkpnqw Buy Now Fedex Real Progesterone C.O.D. Without Rx – Cialis Diuretics are used for symptom control volume overload c. Ujklqt
2 Office of Population Affairs, US Department of Health and Human Services, Rockville, Maryland
ATA would therefore not be expected to induce the cytochrome P450 dependent metabolism of either tamoxifen or TOR