正则表达式查找CRLF注入攻击漏洞(HTTP响应拆分漏洞)
使用 360 检测了站点漏洞之后,发了一篇解决漏洞的文章,在这。但是很多童鞋都有一些问题,很多童鞋都是卡在了变量名称的这个步骤上,不知道怎样查找和添加代码,的确是的,因为每一个程序的变量名称都是不可能相同的,又怎样能够保证代码的通用性呢,今天我们就来手把手的教会大家,怎样通过正则表达式,查找并且添加代码吧。
\$.+= \$_GET\['.+'\];
\$.+=\$_GET\['.+'\];
上面是本次要使用的两个正则表达式,注意:两行代码都是独立的,不能一口气放在一起用,每次使用一行正则表达式就好。
这里要说一下,如果童鞋使用知更鸟编写的插件 comments-link-redirect 的插件的话,就一定要看这篇文章了,因为这个插件就有CRLF注入攻击漏洞(HTTP响应拆分漏洞),我已经反应给了知更鸟,他说会有更新。我们就从这个插件入手,看看怎样解决站点漏洞吧。
首先用 Dreamweaver 一类的支持正则表达式的代码编辑程序打开所有可能存在漏洞的 PHP 文件。
打开搜索对话框(键盘按下 Ctrl+F),之后把“使用正则表达式”选项勾选。
依次使用上面提供的两个正则表达进行搜索,注意,我指的是依次,不是两行一起用。如果找到匹配的值的话,代码浏览窗口部分就会高亮出来匹配的代码。
看到正则表达式中搜索到了下面这段代码。
$redirect = $_GET['r'];下面开始普及一下了,上面的代码中的 $redirect 中的 redirect 就是变量名称,变量名称很可能叫做 abcd、heheh 都是有可能的了。那么我们就在上面这行代码的下一行紧接着插入下面的代码。
$redirect = trim(str_replace("\r","",str_replace("\r\n","",strip_tags(str_replace("'","",str_replace("\n", "", str_replace(" ","",str_replace("\t","",trim($redirect))))),""))));
上面这段代码中有两个变量名称,就是以 $ 开头的英文单词,如果你需要根据自己的要求使用的话,就一定要更换其中的两个变量名称。将上面的代码复制到有漏洞的代码的下方就可以了,就像下面这样。
$redirect = $_GET['r'];
$redirect = trim(str_replace("\r","",str_replace("\r\n","",strip_tags(str_replace("'","",str_replace("\n", "", str_replace(" ","",str_replace("\t","",trim($redirect))))),""))));
这样一来,所有问题就都解决啦。
本文来源:http://www.yiduqiang.com/regex-find-crlf.html
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Dreamweaver Mac version
Visual web development tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
