How to fix a cross-site scripting vulnerability - Website security
http://www.drovik.com/      2012-9-3 14:15:19      Source: original article by Steersman

1. Official explanation (cross-site scripting filter):
         A cross-site scripting attack occurs when one website injects or adds JavaScript into another website in order to make an illegitimate request. The original request is usually legitimate: it may be a link to another page, or a Common Gateway Interface (CGI) script that provides a common service such as a guestbook. The injected script typically tries to access privileged information or services that the other website does not permit access to. The response or request usually feeds the result back to the malicious website. The XSS Filter is a new feature of Windows Internet Explorer 8 that detects JavaScript in URLs and HTTP POST requests. When JavaScript is detected, the XSS Filter looks for evidence of reflection, that is, information returned to the attacking website when the attack request is submitted unchanged. If reflection is detected, the XSS Filter sanitizes the original request so that the injected JavaScript cannot execute.

2. When this event is logged
 This event is logged when Internet Explorer detects JavaScript in a URL or HTTP POST request that also contains evidence of reflection, i.e. user-supplied input that is returned to a different location.
 
3. Solutions:
 
A. The filter can be disabled by setting the following HTTP response header:
 X-XSS-Protection: 0
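As an added example (not from the page, and not Microsoft's filter implementation), the Python below models the two-step decision described in section 1: JavaScript in the request, then reflection of that input unchanged in the response. It also contrasts the header from solution A with HTML-encoding the reflected value. The guestbook URL, the parameter name and the two render_* templates are constructed for the example; looks_like_script() is a deliberately crude stand-in for the browser's own heuristics.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests for a guestbook page that echoes its "name"
# parameter into the HTML it returns (host name and page are made up).
PROBE_URL = "http://guestbook.example/sign.asp?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
BENIGN_URL = "http://guestbook.example/sign.asp?name=Alice"


def query_param(url, key):
    """First value of query parameter `key` in `url`, percent-decoded ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(key, [""])[0]


def render_unescaped(name):
    """Vulnerable template: the parameter is written into the page verbatim."""
    return "<p>Thanks for signing, " + name + "!</p>"


def render_escaped(name):
    """Fixed template: HTML-encode the value before it reaches the markup."""
    return "<p>Thanks for signing, " + html.escape(name, quote=True) + "!</p>"


def looks_like_script(value):
    """Stand-in for the filter's first step, 'is there JavaScript in the request?'.
    The real heuristics are far more elaborate; three markers are enough here."""
    v = value.lower()
    return "<script" in v or "javascript:" in v or "onerror=" in v


def assess(url, body, headers=None):
    """Model of the decision the page describes: JavaScript in the request, then
    evidence that it is reflected unchanged in the response. Returns which steps
    fired and whether the browser-side filter would act on this response."""
    headers = headers or {}
    value = query_param(url, "name")
    script = looks_like_script(value)
    reflected = script and value in body
    # Solution A on the page, X-XSS-Protection: 0, only switches the filter off
    # in the browser; whether the page reflects the input is unchanged.
    disabled = headers.get("X-XSS-Protection", "").strip().startswith("0")
    return {"script": script, "reflected": reflected, "filter_acts": reflected and not disabled}


if __name__ == "__main__":
    name = query_param(PROBE_URL, "name")
    print("unescaped:          ", assess(PROBE_URL, render_unescaped(name)))
    print("unescaped, header 0:", assess(PROBE_URL, render_unescaped(name), {"X-XSS-Protection": "0"}))
    print("escaped:            ", assess(PROBE_URL, render_escaped(name)))
```

Run it directly to print the three cases. The point is in the third result: with html.escape() applied, `reflected` is False without any header, because the submitted value no longer occurs in the response; the header only changes `filter_acts`, so it silences the browser's warning rather than removing what the warning is about.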
 
B. Use the method provided by 360websec:
  
   First copy the following code into an ASP file, for example 360_safe3.asp.
  
   <%
'Code by safe3
On Error Resume Next
' Screen the query string, form fields and cookies in turn. Each pattern is a
' blacklist of SQL keywords and SQL comment syntax plus "<script"; only that
' last term is XSS-related. The query-string pattern is the loosest: a bare '
' rejects any apostrophe, and (and|or) has no leading \b, so words such as
' "for" can match as well.
if request.querystring<>"" then call stophacker(request.querystring,"'|(and|or)\b.+?(>|<|=|in|like)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if request.Form<>"" then call stophacker(request.Form,"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if request.Cookies<>"" then call stophacker(request.Cookies,"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
ms()

' Test every value in a Request collection against the pattern re. On the
' first match: record the client address, write a notice and end the response.
' (The original wraps this loop in a second, redundant For Each over the same
' collection; a single pass gives the same result.)
function stophacker(values,re)
    dim l_get, l_get2, regex, IP
    for each l_get in values
        l_get2 = values(l_get)
        set regex = new regexp
        regex.ignorecase = true
        regex.global = true
        regex.pattern = re
        if regex.test(l_get2) then
            ' HTTP_X_FORWARDED_FOR is set by the client or an upstream proxy and
            ' is not trustworthy on its own; REMOTE_ADDR is the fallback.
            IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
            If IP = "" Then
                IP=Request.ServerVariables("REMOTE_ADDR")
            end if
            ' Logging is disabled (commented out) in the original. The call was a
            ' single line that the page extraction split apart; it is rejoined
            ' here with <br> separators, the log file being an .htm page.
            'slog("<br>操作IP: "&ip&"<br>操作时间: " & now() & "<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式: "&Request.ServerVariables("Request_Method")&"<br>提交参数: "&l_get&"<br>提交数据: "&l_get2)
            Response.Write "360websec notice:Illegal operation!"
            Response.end
        end if
        set regex = nothing
    next
end function

' Append one line to /log.htm under the web root, creating the file if needed.
' Note that the file is web-readable and the rejected input is written into it
' unencoded, so a browser opening log.htm would render that input as HTML.
sub slog(logs)
    dim toppath, fs, Ts
    toppath = Server.Mappath("/log.htm")
    Set fs = CreateObject("scripting.filesystemobject")
    If Not Fs.FILEEXISTS(toppath) Then
        Set Ts = fs.createtextfile(toppath, True)
        Ts.close
    end if
    Set Ts = Fs.OpenTextFile(toppath, 8)   ' 8 = ForAppending
    Ts.writeline (logs)
    Ts.Close
    Set Ts = nothing
    Set fs = nothing
end sub

' Refuse to serve while the updater update360.asp still sits next to this
' file; the message asks the administrator to rename it.
sub ms()
    dim path, fs
    path = Server.Mappath("update360.asp")
    Set fs = CreateObject("scripting.filesystemobject")
    If Fs.FILEEXISTS(path) Then
        Response.Write "请重命名升级文件update360.asp防止**利用"
        Response.End
    end if
    Set fs = nothing
end sub
%>

Then copy this file into the website's root directory.

Finally, add the code to each page that needs protection.
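The Python below is an added example, not code from the page or from 360websec: it ports the three patterns from 360_safe3.asp unchanged and runs them over constructed sample requests. It shows what the filter actually tests (each submitted value on its own, against a keyword blacklist that is mostly SQL-oriented) and the cost of that approach: ordinary guestbook text is rejected alongside the one XSS-shaped input. The patterns are copied from the ASP file; the request dictionaries and sample values are made up for the example.

```python
import re

# The three patterns from 360_safe3.asp, copied unchanged. VBScript's RegExp and
# Python's re agree on everything these patterns use (alternation, \b, \s, lazy
# quantifiers), and IgnoreCase maps to re.IGNORECASE, so the port behaves alike.
QUERY_RE = r"'|(and|or)\b.+?(>|<|=|in|like)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"
FORM_RE = r"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"
COOKIE_RE = FORM_RE  # 360_safe3.asp uses the same pattern for Form and Cookies


def stophacker(values, pattern):
    """Port of the ASP stophacker(): test each value in the collection (here a
    plain dict of already-decoded strings) against `pattern`. Returns
    (key, value, matched_text) for the first hit, or None. The ASP version
    writes "Illegal operation!" and ends the response instead of returning."""
    regex = re.compile(pattern, re.IGNORECASE)
    for key, value in values.items():
        match = regex.search(value)
        if match:
            return (key, value, match.group(0))
    return None


def check_request(query=None, form=None, cookies=None):
    """Same order as the top of 360_safe3.asp: query string, then form, then
    cookies. Returns the first hit, or None when the request is allowed through."""
    for values, pattern in ((query, QUERY_RE), (form, FORM_RE), (cookies, COOKIE_RE)):
        if values:
            hit = stophacker(values, pattern)
            if hit:
                return hit
    return None


# Constructed sample requests. Only the first is something the filter is meant
# to stop; the next three are ordinary guestbook input that it rejects anyway,
# because a keyword blacklist matches on words, not on where they end up.
SAMPLES = [
    ("script tag in a search box", {"query": {"q": "<script>"}}),
    ("a name with an apostrophe", {"query": {"q": "O'Brien"}}),
    ("'for' + 'in' in a search phrase", {"query": {"q": "toys for kids in stock"}}),
    ("'and' + 'in' in a message", {"form": {"msg": "cats and dogs in the yard"}}),
    ("harmless message", {"form": {"name": "Alice", "msg": "Hello from Shanghai"}}),
]

if __name__ == "__main__":
    for label, request in SAMPLES:
        hit = check_request(**request)
        print(f"{label:36s} -> {'blocked on ' + repr(hit[2]) if hit else 'allowed'}")
```

Running the script lists four blocked requests and one allowed one. The third case is worth noting: the query-string pattern's `(and|or)\b` has no leading `\b`, so the "or" inside "for" starts a match that the later "in" completes. Because the filter inspects request values and never encodes output, it is a coarse pre-check at best; the reflection that the browser's XSS Filter warns about is removed only by HTML-encoding every value the page writes back.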
