首頁 > 文章 > 後端開發 > php 過濾儲存型XSS攻擊

php 過濾儲存型XSS攻擊

藏色散人轉載: 2020-01-06 17:12:123643瀏覽

最近做的项目被测试测出了存在存储型XSS，至此记录一下，问题出在了 input 框：payload："a" οnclick=alert(1)>

也做了一些XSS过滤，但是不全，有从网上找了一些，弄了一个简单粗暴的；

后台接收 input 框字符串内容，存在被攻击，便整理了一个比较粗暴的方法

//过滤存储型XSS攻击

//过滤存储型XSS攻击
public function safe_filter(&$string) 
{
    $ra=Array(&#39;/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/&#39;,&#39;/script/&#39;,&#39;/javascript/&#39;,&#39;/vbscript/&#39;,&#39;/expression/&#39;,&#39;/applet/&#39;,&#39;/meta/&#39;,&#39;/xml/&#39;,&#39;/blink/&#39;,&#39;/link/&#39;,&#39;/style/&#39;,&#39;/embed/&#39;,&#39;/object/&#39;,&#39;/frame/&#39;,&#39;/layer/&#39;,&#39;/title/&#39;,&#39;/bgsound/&#39;,&#39;/base/&#39;,&#39;/onload/&#39;,&#39;/onunload/&#39;,&#39;/onchange/&#39;,&#39;/onsubmit/&#39;,&#39;/onreset/&#39;,&#39;/onselect/&#39;,&#39;/onblur/&#39;,&#39;/onfocus/&#39;,&#39;/onabort/&#39;,&#39;/onkeydown/&#39;,&#39;/onkeypress/&#39;,&#39;/onkeyup/&#39;,&#39;/onclick/&#39;,&#39;/ondblclick/&#39;,&#39;/onmousedown/&#39;,&#39;/onmousemove/&#39;,&#39;/onmouseout/&#39;,&#39;/onmouseover/&#39;,&#39;/onmouseup/&#39;,&#39;/onunload/&#39;);
        $data=str_replace(array(&#39;&&#39;,&#39;<&#39;,&#39;>&#39;),array(&#39;&amp;&#39;,&#39;&lt;&#39;,&#39;&gt;&#39;),$data);   
    if (!get_magic_quotes_gpc())             //不对magic_quotes_gpc转义过的字符使用    addslashes(),避免双重转义。
    {
       $string  = addslashes($string);           //给单引号（&#39;）、双引号（"）、反斜线（\）与 NUL（NULL 字符）加上反斜线转义
    }
    $string       = preg_replace($ra,&#39;&#39;,$string);     //删除非打印字符，粗暴式过滤xss可疑字符串
    $laststring     = htmlentities(strip_tags($string)); //去除 HTML 和 PHP 标记并转换为 HTML 实体
    return $laststring;
}

后来，认为这些太过粗暴，就又整理了一些，以后方便参照：

/**
* 过滤html标签，引号，中文空格
 */
function fileter_str( $str )
{
    $str = addslashes(trim($str));
    $str = preg_replace("/<(.*?)>/","",$str);
    $str = str_replace("_x000D_","",$str); //替换空格为
    //注释上一行因为：导入英语试题会将所有空格去掉
    // $str = str_replace(&#39; &#39;,&#39;&#39;,$str);
    return $str;
}

还有：

/**
 * 过滤html标签，引号，中文空格，换行符
 */
function fileter_add_str( $str )
{
$str = str_replace("_x000D_","",$str); //替换空格为
$str = str_replace(array("\r\n", "\r", "\n","\t"), "<br />", $str);//替换回车换行
$str = str_replace("&#39;", "&#39;", $str);
// $str = str_replace(&#39; &#39;,&#39;&#39;,$str);
return $str;
}

还有这些：

//全角到半角的转换，$str待转换的字符串，$flag标识符，$flag=0半角到全角，$flag=1全角到半角
function SBC_DBC($str, $flag) {
    $DBC = Array(//全角
        &#39;０&#39; , &#39;１&#39; , &#39;２&#39; , &#39;３&#39; , &#39;４&#39; ,
        &#39;５&#39; , &#39;６&#39; , &#39;７&#39; , &#39;８&#39; , &#39;９&#39; ,
        &#39;Ａ&#39;,&#39;Ｂ&#39; , &#39;Ｃ&#39; , &#39;Ｄ&#39; , &#39;Ｅ&#39; ,
        &#39;Ｆ&#39; , &#39;Ｇ&#39; , &#39;Ｈ&#39; , &#39;Ｉ&#39; , &#39;Ｊ&#39; ,
        &#39;Ｋ&#39; , &#39;Ｌ&#39; , &#39;Ｍ&#39; , &#39;Ｎ&#39; , &#39;Ｏ&#39; ,
        &#39;Ｐ&#39; , &#39;Ｑ&#39; , &#39;Ｒ&#39; , &#39;Ｓ&#39; , &#39;Ｔ&#39; ,
        &#39;Ｕ&#39; , &#39;Ｖ&#39; , &#39;Ｗ&#39; , &#39;Ｘ&#39; , &#39;Ｙ&#39; ,
        &#39;Ｚ&#39; , &#39;ａ&#39; , &#39;ｂ&#39; , &#39;ｃ&#39; , &#39;ｄ&#39; ,
        &#39;ｅ&#39; , &#39;ｆ&#39; , &#39;ｇ&#39; , &#39;ｈ&#39; , &#39;ｉ&#39; ,
        &#39;ｊ&#39; , &#39;ｋ&#39; , &#39;ｌ&#39; , &#39;ｍ&#39; , &#39;ｎ&#39; ,
        &#39;ｏ&#39; , &#39;ｐ&#39; , &#39;ｑ&#39; , &#39;ｒ&#39; , &#39;ｓ&#39; ,
        &#39;ｔ&#39; , &#39;ｕ&#39; , &#39;ｖ&#39; , &#39;ｗ&#39; , &#39;ｘ&#39; ,
        &#39;ｙ&#39; , &#39;ｚ&#39; , &#39;－&#39; , &#39;　&#39; , &#39;：&#39; ,
        &#39;．&#39; , &#39;，&#39; , &#39;／&#39; , &#39;％&#39; , &#39;＃&#39; ,
        &#39;！&#39; , &#39;＠&#39; , &#39;＆&#39; , &#39;（&#39; , &#39;）&#39; ,
        &#39;＜&#39; , &#39;＞&#39; , &#39;＂&#39; , &#39;＇&#39; , &#39;？&#39; ,
        &#39;［&#39; , &#39;］&#39; , &#39;｛&#39; , &#39;｝&#39; , &#39;＼&#39; ,
        &#39;｜&#39; , &#39;＋&#39; , &#39;＝&#39; , &#39;＿&#39; , &#39;＾&#39; ,
        &#39;￥&#39; , &#39;￣&#39; , &#39;｀&#39;
    );
 
    $SBC = Array( // 半角
        &#39;0&#39;, &#39;1&#39;, &#39;2&#39;, &#39;3&#39;, &#39;4&#39;,
        &#39;5&#39;, &#39;6&#39;, &#39;7&#39;, &#39;8&#39;, &#39;9&#39;,
        &#39;A&#39;, &#39;B&#39;, &#39;C&#39;, &#39;D&#39;, &#39;E&#39;,
        &#39;F&#39;, &#39;G&#39;, &#39;H&#39;, &#39;I&#39;, &#39;J&#39;,
        &#39;K&#39;, &#39;L&#39;, &#39;M&#39;, &#39;N&#39;, &#39;O&#39;,
        &#39;P&#39;, &#39;Q&#39;, &#39;R&#39;, &#39;S&#39;, &#39;T&#39;,
        &#39;U&#39;, &#39;V&#39;, &#39;W&#39;, &#39;X&#39;, &#39;Y&#39;,
        &#39;Z&#39;, &#39;a&#39;, &#39;b&#39;, &#39;c&#39;, &#39;d&#39;,
        &#39;e&#39;, &#39;f&#39;, &#39;g&#39;, &#39;h&#39;, &#39;i&#39;,
        &#39;j&#39;, &#39;k&#39;, &#39;l&#39;, &#39;m&#39;, &#39;n&#39;,
        &#39;o&#39;, &#39;p&#39;, &#39;q&#39;, &#39;r&#39;, &#39;s&#39;,
        &#39;t&#39;, &#39;u&#39;, &#39;v&#39;, &#39;w&#39;, &#39;x&#39;,
        &#39;y&#39;, &#39;z&#39;, &#39;-&#39;, &#39; &#39;, &#39;:&#39;,
        &#39;.&#39;, &#39;,&#39;, &#39;/&#39;, &#39;%&#39;, &#39;#&#39;,
        &#39;!&#39;, &#39;@&#39;, &#39;&&#39;, &#39;(&#39;, &#39;)&#39;,
        &#39;<&#39;, &#39;>&#39;, &#39;"&#39;, &#39;\&#39;&#39;,&#39;?&#39;,
        &#39;[&#39;, &#39;]&#39;, &#39;{&#39;, &#39;}&#39;, &#39;\\&#39;,
        &#39;|&#39;, &#39;+&#39;, &#39;=&#39;, &#39;_&#39;, &#39;^&#39;,
        &#39;$&#39;, &#39;~&#39;, &#39;`&#39;
    );
 
    if ($flag == 0) {
        return str_replace($SBC, $DBC, $str);  // 半角到全角
    } else if ($flag == 1) {
        return str_replace($DBC, $SBC, $str);  // 全角到半角
    } else {
        return false;
    }
}

仅供参考

更多PHP相关知识，请访问PHP教程！

以上是php 過濾儲存型XSS攻擊的詳細內容。更多資訊請關注PHP中文網其他相關文章！

php xss 字符串 alert input

陳述：

本文轉載於：csdn.net。如有侵權，請聯絡admin@php.cn刪除

上一篇：php環境下使用elasticSearch+ik分詞器進行全文搜索下一篇：php環境下使用elasticSearch+ik分詞器進行全文搜索

看更多