DedeCMS 如何修补XSS跨站脚本攻击

概述XSS又叫CSS (Cross Site Script) ，跨站脚本攻击。它指的是恶意攻击者往Web页面里插入恶意html代码，当用户浏览该页之时，嵌入其中Web里面的html代码会被执行，从而达到恶意攻击用户的特殊目的。XSS属于被动式的攻击，因为其被动且不好利用，所以许多人常忽 　XSS又叫CSS (Cross Site Script) ，跨站脚本攻击。它指的是恶意攻击者往Web页面里插入恶意HTML代码，当用户浏览该页之时，嵌入其中Web里面的HTML代码会被执行，从而达到恶意攻击用户的特殊目的。XSS属于被动式的攻击，因为其被动且不好利用，所以许多人常忽略其危害性。而本文主要讲的是利用XSS得到目标服务器的shell。技术虽然是老技术，但是其思路希望对大家有帮助。   　　首先打开文件:/include/common.func.PHP   　　在文件中加入函数：   copy to Clipboard Codes引用的内容：[www.jb51.cc] function RemoveXSS($val) {  $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','',$val);    $search = 'abcdefghijklmnopqrstuvwxyz';  $search .= 'ABCDEFGHIJKLMnopQRSTUVWXYZ';  $search .= '1234567890!@#$%^&*()';  $search .= '~`";:?+/={}[]-_|\'\\';  for ($i = 0; $i < strlen($search); $i++) {  $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i',$search[$i],$val);  $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/',$val);  }    $ra1 = array('JavaScript','vbscript','Expression','applet','Meta','xml','blink','link','style','script','embed','object','iframe','frame','frameset','ilayer','layer','bgsound','Title','base');  $ra2 = array('onabort','onactivate','onafterprint','onafterupdate','onbeforeactivate','onbeforecopy','onbeforecut','onbeforedeactivate','onbeforeeditfocus','onbeforepaste','onbeforeprint','onbeforeunload','onbeforeupdate','onblur','onbounce','oncellchange','onchange','onclick','oncontextmenu','oncontrolselect','oncopy','oncut','ondataavailable','ondatasetchanged','ondatasetcomplete','ondblclick','ondeactivate','ondrag','ondragend','ondragenter','ondragleave','ondragover','ondragstart','ondrop','onerror','onerrorupdate','onfilterchange','onfinish','onfocus','onfocusin','onfocusout','onhelp','onkeydown','onkeypress','onkeyup','onlayoutcomplete','onload','onlosecapture','onmousedown','onmouseenter','onmouseleave','onmousemove','onmouSEOut','onmouSEOver','onmouseup','onmousewheel','onmove','onmoveend','onmovestart','onpaste','onpropertychange','onreadystatechange','onreset','onresize','onresizeend','onresizestart','onrowenter','onrowexit','onrowsdelete','onrowsinserted','onscroll','onselect','onselectionchange','onselectstart','onstart','onstop','onsubmit','onunload');  $ra = array_merge($ra1,$ra2);    $found = true;  while ($found == true) {  $val_before = $val;  for ($i = 0; $i < sizeof($ra); $i++) {  $pattern = '/';  for ($j = 0; $j < strlen($ra[$i]); $j++) {  if ($j > 0) {  $pattern .= '(';  $pattern .= '(&#[xX]0{0,8}([9ab]);)';  $pattern .= '|';  $pattern .= '|(&#0{0,8}([9|10|13]);)';  $pattern .= ')*';  }  $pattern .= $ra[$i][$j];  }  $pattern .= '/i';  $replacement = substr($ra[$i],2).'以上是内存溢出为你收集整理的DedeCMS 如何修补XSS跨站脚本攻击全部内容，希望文章能够帮你解决DedeCMS 如何修补XSS跨站脚本攻击所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。

欢迎分享，转载请注明来源：内存溢出

原文地址: http://outofmemory.cn/zz/1017193.html