也做了一些XSS过滤,但是不全,有从网上找了一些,弄了一个简单粗暴的。"/> 也做了一些XSS过滤,但是不全,有从网上找了一些,弄了一个简单粗暴的。">

Rumah  >  Artikel  >  pembangunan bahagian belakang  >  php 过滤存储型XSS攻击

php 过滤存储型XSS攻击

藏色散人
藏色散人ke hadapan
2020-01-06 17:12:123695semak imbas

最近做的项目被测试测出了存在存储型XSS,至此记录一下,问题出在了 input 框 :payload:"a" οnclick=alert(1)>

也做了一些XSS过滤,但是不全,有从网上找了一些,弄了一个简单粗暴的;

后台接收 input 框字符串内容,存在被攻击,便整理了一个比较粗暴的方法

//过滤存储型XSS攻击

//过滤存储型XSS攻击
public function safe_filter(&$string) 
{
    $ra=Array('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','/script/','/javascript/','/vbscript/','/expression/','/applet/','/meta/','/xml/','/blink/','/link/','/style/','/embed/','/object/','/frame/','/layer/','/title/','/bgsound/','/base/','/onload/','/onunload/','/onchange/','/onsubmit/','/onreset/','/onselect/','/onblur/','/onfocus/','/onabort/','/onkeydown/','/onkeypress/','/onkeyup/','/onclick/','/ondblclick/','/onmousedown/','/onmousemove/','/onmouseout/','/onmouseover/','/onmouseup/','/onunload/');
        $data=str_replace(array(&#39;&&#39;,&#39;<&#39;,&#39;>&#39;),array(&#39;&amp;&#39;,&#39;&lt;&#39;,&#39;&gt;&#39;),$data);   
    if (!get_magic_quotes_gpc())             //不对magic_quotes_gpc转义过的字符使用    addslashes(),避免双重转义。
    {
       $string  = addslashes($string);           //给单引号(&#39;)、双引号(")、反斜线(\)与 NUL(NULL 字符)加上反斜线转义
    }
    $string       = preg_replace($ra,&#39;&#39;,$string);     //删除非打印字符,粗暴式过滤xss可疑字符串
    $laststring     = htmlentities(strip_tags($string)); //去除 HTML 和 PHP 标记并转换为 HTML 实体
    return $laststring;
}

后来,认为这些太过粗暴,就又整理了一些,以后方便参照:

/**
* 过滤html标签,引号,中文空格
 */
function fileter_str( $str )
{
    $str = addslashes(trim($str));
    $str = preg_replace("/<(.*?)>/","",$str);
    $str = str_replace("_x000D_","",$str); //替换空格为
    //注释上一行因为:导入英语试题会将所有空格去掉
    // $str = str_replace(&#39; &#39;,&#39;&#39;,$str);
    return $str;
}

还有:

/**
 * 过滤html标签,引号,中文空格,换行符
 */
function fileter_add_str( $str )
{
$str = str_replace("_x000D_","",$str); //替换空格为
$str = str_replace(array("\r\n", "\r", "\n","\t"), "<br />", $str);//替换回车换行
$str = str_replace("&#39;", "&#39;", $str);
// $str = str_replace(&#39; &#39;,&#39;&#39;,$str);
return $str;
}

还有这些:

//全角到半角的转换,$str待转换的字符串,$flag标识符,$flag=0半角到全角,$flag=1全角到半角
function SBC_DBC($str, $flag) {
    $DBC = Array(//全角
        &#39;0&#39; , &#39;1&#39; , &#39;2&#39; , &#39;3&#39; , &#39;4&#39; ,
        &#39;5&#39; , &#39;6&#39; , &#39;7&#39; , &#39;8&#39; , &#39;9&#39; ,
        &#39;A&#39;,&#39;B&#39; , &#39;C&#39; , &#39;D&#39; , &#39;E&#39; ,
        &#39;F&#39; , &#39;G&#39; , &#39;H&#39; , &#39;I&#39; , &#39;J&#39; ,
        &#39;K&#39; , &#39;L&#39; , &#39;M&#39; , &#39;N&#39; , &#39;O&#39; ,
        &#39;P&#39; , &#39;Q&#39; , &#39;R&#39; , &#39;S&#39; , &#39;T&#39; ,
        &#39;U&#39; , &#39;V&#39; , &#39;W&#39; , &#39;X&#39; , &#39;Y&#39; ,
        &#39;Z&#39; , &#39;a&#39; , &#39;b&#39; , &#39;c&#39; , &#39;d&#39; ,
        &#39;e&#39; , &#39;f&#39; , &#39;g&#39; , &#39;h&#39; , &#39;i&#39; ,
        &#39;j&#39; , &#39;k&#39; , &#39;l&#39; , &#39;m&#39; , &#39;n&#39; ,
        &#39;o&#39; , &#39;p&#39; , &#39;q&#39; , &#39;r&#39; , &#39;s&#39; ,
        &#39;t&#39; , &#39;u&#39; , &#39;v&#39; , &#39;w&#39; , &#39;x&#39; ,
        &#39;y&#39; , &#39;z&#39; , &#39;-&#39; , &#39; &#39; , &#39;:&#39; ,
        &#39;.&#39; , &#39;,&#39; , &#39;/&#39; , &#39;%&#39; , &#39;#&#39; ,
        &#39;!&#39; , &#39;@&#39; , &#39;&&#39; , &#39;(&#39; , &#39;)&#39; ,
        &#39;<&#39; , &#39;>&#39; , &#39;"&#39; , &#39;'&#39; , &#39;?&#39; ,
        &#39;[&#39; , &#39;]&#39; , &#39;{&#39; , &#39;}&#39; , &#39;\&#39; ,
        &#39;|&#39; , &#39;+&#39; , &#39;=&#39; , &#39;_&#39; , &#39;^&#39; ,
        &#39;¥&#39; , &#39; ̄&#39; , &#39;`&#39;
    );
 
    $SBC = Array( // 半角
        &#39;0&#39;, &#39;1&#39;, &#39;2&#39;, &#39;3&#39;, &#39;4&#39;,
        &#39;5&#39;, &#39;6&#39;, &#39;7&#39;, &#39;8&#39;, &#39;9&#39;,
        &#39;A&#39;, &#39;B&#39;, &#39;C&#39;, &#39;D&#39;, &#39;E&#39;,
        &#39;F&#39;, &#39;G&#39;, &#39;H&#39;, &#39;I&#39;, &#39;J&#39;,
        &#39;K&#39;, &#39;L&#39;, &#39;M&#39;, &#39;N&#39;, &#39;O&#39;,
        &#39;P&#39;, &#39;Q&#39;, &#39;R&#39;, &#39;S&#39;, &#39;T&#39;,
        &#39;U&#39;, &#39;V&#39;, &#39;W&#39;, &#39;X&#39;, &#39;Y&#39;,
        &#39;Z&#39;, &#39;a&#39;, &#39;b&#39;, &#39;c&#39;, &#39;d&#39;,
        &#39;e&#39;, &#39;f&#39;, &#39;g&#39;, &#39;h&#39;, &#39;i&#39;,
        &#39;j&#39;, &#39;k&#39;, &#39;l&#39;, &#39;m&#39;, &#39;n&#39;,
        &#39;o&#39;, &#39;p&#39;, &#39;q&#39;, &#39;r&#39;, &#39;s&#39;,
        &#39;t&#39;, &#39;u&#39;, &#39;v&#39;, &#39;w&#39;, &#39;x&#39;,
        &#39;y&#39;, &#39;z&#39;, &#39;-&#39;, &#39; &#39;, &#39;:&#39;,
        &#39;.&#39;, &#39;,&#39;, &#39;/&#39;, &#39;%&#39;, &#39;#&#39;,
        &#39;!&#39;, &#39;@&#39;, &#39;&&#39;, &#39;(&#39;, &#39;)&#39;,
        &#39;<&#39;, &#39;>&#39;, &#39;"&#39;, &#39;\&#39;&#39;,&#39;?&#39;,
        &#39;[&#39;, &#39;]&#39;, &#39;{&#39;, &#39;}&#39;, &#39;\\&#39;,
        &#39;|&#39;, &#39;+&#39;, &#39;=&#39;, &#39;_&#39;, &#39;^&#39;,
        &#39;$&#39;, &#39;~&#39;, &#39;`&#39;
    );
 
    if ($flag == 0) {
        return str_replace($SBC, $DBC, $str);  // 半角到全角
    } else if ($flag == 1) {
        return str_replace($DBC, $SBC, $str);  // 全角到半角
    } else {
        return false;
    }
}

仅供参考

更多PHP相关知识,请访问PHP教程

Atas ialah kandungan terperinci php 过滤存储型XSS攻击. Untuk maklumat lanjut, sila ikut artikel berkaitan lain di laman web China PHP!

Kenyataan:
Artikel ini dikembalikan pada:csdn.net. Jika ada pelanggaran, sila hubungi admin@php.cn Padam