XSS漏洞与SQL注入漏洞解决方案
- 跨站脚本攻击的原理
XSS (Cross Site Scripting,跨站脚本攻击)——为避免与层叠样式表 CSS 混淆,习惯缩写为 XSS 而不是 CSS。它指的是恶意攻击者往Web页面里插入恶意脚本代码,而程序对用户输入内容没有按输出上下文做编码(或过滤),当用户浏览该页之时,嵌入其中Web里面的脚本代码会被执行,从而达到恶意攻击用户的特殊目的。
跨站脚本攻击的危害:窃取cookie、放蠕虫、网站钓鱼 …
跨站脚本攻击的分类主要有:存储型XSS、反射型XSS、DOM型XSS
- SQL注入攻击的原理:
使用用户输入的参数拼凑SQL查询语句,使用户可以控制SQL查询语句。根治方法是参数化查询(Java 中用 PreparedStatement 的 ? 占位符),让用户输入只能作为数据传入而无法改变 SQL 语句的结构;靠过滤器对输入做黑名单过滤并不能可靠地防止 SQL 注入。
- XSS漏洞过滤器参考(注意:下面四个类只处理 XSS,并不包含任何 SQL 注入防护,SQL 注入应在数据访问层用参数化查询解决;而且这类基于正则黑名单的请求/响应过滤器只能作为纵深防御的补充,不能替代按输出上下文(HTML 正文、属性、JS、URL)进行的编码):
1.XssReqFilter
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.talent.zdjf.wrapper.XssHttpServletRequestWrapper;

/**
 * Servlet filter that hands every request down the chain wrapped in an
 * {@link XssHttpServletRequestWrapper}, so that code further down reading
 * parameters, headers or the query string receives the wrapper's scrubbed values.
 *
 * <p>Security note: the wrapper applies a fixed regex blacklist, so this filter is
 * defense-in-depth at best and must not be relied on instead of context-aware output
 * encoding in the view layer.
 *
 * <p>The request is cast to {@link HttpServletRequest} unconditionally (as in the
 * original); a non-HTTP request would fail with a {@code ClassCastException}.
 */
public class XssReqFilter implements Filter {

    FilterConfig filterConfig = null;

    /** Stores the container-supplied configuration; nothing else is read from it. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** Wraps the request and continues the chain with the wrapped instance. */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        XssHttpServletRequestWrapper wrapped = new XssHttpServletRequestWrapper(httpRequest);
        chain.doFilter(wrapped, response);
    }

    /** Releases the configuration reference on shutdown. */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }
}
2.XssHttpServletRequestWrapper
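import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that runs parameter names/values, header names/values and the query
 * string through a blacklist-based "XSS" scrub ({@link #xssEncode}) before the
 * application sees them.
 *
 * <p>Security note: this is defense-in-depth only, not an XSS fix.
 * <ul>
 *   <li>{@link #stripXSS} is a fixed list of regexes, each applied once, left to right.
 *       The output is never re-scanned, so input built to re-form a token after one
 *       removal (for example {@code <scr<script>ipt>}) passes through.</li>
 *   <li>Only the listed tokens are touched: {@code onerror=}, {@code onclick=} and every
 *       other handler except {@code onload} are not on the list, nor are encoded forms
 *       ({@code %3C}, {@code &#60;}, {@code \u003c}) unless the input is canonicalised
 *       first (see the ESAPI note in {@link #stripXSS}).</li>
 *   <li>The scrub knows nothing about the output context. The reliable control is
 *       context-aware output encoding where the value is rendered, or a real HTML
 *       sanitizer for rich-text fields.</li>
 *   <li>It is applied to <em>every</em> value, so legitimate input containing
 *       {@code < > ' " \ %} is silently rewritten to full-width characters before the
 *       application reads it.</li>
 * </ul>
 *
 * <p>Use {@link #getOrgRequest(HttpServletRequest)} to reach the unfiltered request.
 *
 * <p>Fixes relative to the original listing: {@link #getParameterMap()} no longer writes
 * the scrubbed values back into the container's own {@code String[]} arrays (the old
 * shallow {@code clone()} plus {@code values[i] = ...} mutated the underlying request, and
 * the declared return type {@code Map<String,String>} did not override the servlet API
 * signature); all {@link Pattern}s are compiled once instead of on every call; and the
 * full-width replacement characters in {@link #escape} / {@link #getQueryString}, which
 * had apparently been normalised to ASCII when the listing was copied (leaving the
 * {@code '\\'} case uncompilable and the other cases as identity mappings), are restored
 * from the inline comments.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    private static final int CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Blacklist applied, in this order and one pass each, by {@link #stripXSS}.
     * Regex text is unchanged from the original; only the compilation was hoisted.
     */
    private static final Pattern[] BLACKLIST = {
        // Avoid anything between script tags
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        // "(.*?)" is a capturing group, not a literal "(": this only deletes the word "alert".
        Pattern.compile("alert(.*?)", Pattern.CASE_INSENSITIVE),
        // Avoid anything in a src='...' / src="..." type of expression
        Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", CI_MULTILINE_DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", CI_MULTILINE_DOTALL),
        // Remove any lonesome </script> tag
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        // Remove any lonesome <script ...> tag
        Pattern.compile("<script(.*?)>", CI_MULTILINE_DOTALL),
        // Avoid eval(...) expressions
        Pattern.compile("eval\\((.*?)\\)", CI_MULTILINE_DOTALL),
        // Avoid expression(...) expressions (legacy IE CSS)
        Pattern.compile("expression\\((.*?)\\)", CI_MULTILINE_DOTALL),
        // Avoid javascript:... / vbscript:... URLs
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        // Avoid onload= expressions (note: only onload; other event handlers are not covered)
        Pattern.compile("onload(.*?)=", CI_MULTILINE_DOTALL),
        // iframe tags, same three shapes as for script
        Pattern.compile("<iframe>(.*?)</iframe>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("</iframe>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<iframe(.*?)>", CI_MULTILINE_DOTALL),
        // A very specific hex-encoded onmouseover/new Function payload
        Pattern.compile("\"onmouseover.*?='.*?\\\\x61\\\\x6c\\\\x65\\\\x72\\\\x74\\\\x28\\\\x31\\\\x29'.*?[new Function|new\\+Function]\\(.*?\\)\\(\\)\"", Pattern.CASE_INSENSITIVE),
        // "javascript:" was already removed above, so this can only hit text that the earlier
        // removals re-assembled. Kept because the original applied it.
        Pattern.compile("javascript:alert(.*?)", Pattern.CASE_INSENSITIVE),
    };

    /** The request as received from the container, before any scrubbing. */
    final HttpServletRequest orgRequest;

    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        orgRequest = request;
    }

    /**
     * Returns the scrubbed value of the parameter. The name is scrubbed before the lookup
     * (as in the original), so a name containing a blacklisted character is looked up in
     * its rewritten form. Use {@code super.getParameterValues(name)} for the raw value.
     */
    @Override
    public String getParameter(String name) {
        String value = super.getParameter(xssEncode(name));
        return value == null ? null : xssEncode(value);
    }

    /**
     * Returns a fresh array of scrubbed values, or {@code null} if the parameter is absent.
     * Unlike {@link #getParameter}, the name is looked up unscrubbed (original behaviour).
     */
    @Override
    public String[] getParameterValues(String parameter) {
        return scrubAll(super.getParameterValues(parameter));
    }

    /**
     * Returns a new map of scrubbed values. Both the map and every {@code String[]} in it
     * are fresh copies; the container's parameter map is left untouched.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> original = super.getParameterMap();
        Map<String, String[]> scrubbed = new HashMap<>(Math.max(16, original.size() * 2));
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            scrubbed.put(entry.getKey(), scrubAll(entry.getValue()));
        }
        return scrubbed;
    }

    /**
     * Returns the scrubbed query string with {@code &} and {@code =} rewritten to their
     * full-width forms, or {@code null} if there is none.
     *
     * <p>NOTE(review): the replacement characters for {@code &} and {@code =} were lost in
     * the copied listing (they read as identity replacements); by analogy with
     * {@link #escape} they are assumed to be the full-width forms — confirm against the
     * project source. Either way the result can no longer be split on {@code &}/{@code =}
     * by anything that parses query strings.
     */
    @Override
    public String getQueryString() {
        String value = super.getQueryString();
        if (value == null) {
            return null;
        }
        value = xssEncode(value);
        return value.replaceAll("&", "＆").replaceAll("=", "＝");
    }

    /**
     * Returns the scrubbed header value; the header name is scrubbed before lookup.
     * Use {@code super.getHeaders(name)} for the raw value. {@code getHeaderNames()} is
     * not overridden.
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(xssEncode(name));
        return value == null ? null : xssEncode(value);
    }

    /**
     * Replaces the half-width characters most often used in XSS payloads with look-alike
     * full-width / typographic characters, which browsers do not treat as markup.
     * Parentheses are deliberately left alone (they were commented out in the original).
     *
     * @param s text to rewrite (must not be {@code null})
     * @return the rewritten text
     */
    public String escape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    sb.append('＞'); // full-width greater-than sign
                    break;
                case '<':
                    sb.append('＜'); // full-width less-than sign
                    break;
                case '\'':
                    sb.append('‘'); // left single quotation mark
                    break;
                case '\"':
                    sb.append('“'); // left double quotation mark
                    break;
                case '\\':
                    sb.append('＼'); // full-width reverse solidus (backslash)
                    break;
                case '%':
                    sb.append('％'); // full-width percent sign
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Scrubs a single value: blacklist removal ({@link #stripXSS}) followed by
     * {@link #escape}. {@code null} and empty input are returned unchanged.
     */
    public String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        String result = stripXSS(s);
        return result == null ? null : escape(result);
    }

    /** Applies {@link #xssEncode} to each element of a new array; {@code null} passes through. */
    private String[] scrubAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = xssEncode(values[i]);
        }
        return encoded;
    }

    /**
     * Deletes NUL characters and then every match of each {@link #BLACKLIST} pattern, one
     * pass per pattern. Nothing is re-scanned after a removal.
     *
     * <p>NOTE (kept from the original): it is highly recommended to canonicalise the input
     * first, e.g. {@code value = ESAPI.encoder().canonicalize(value);}, otherwise encoded
     * payloads pass every pattern below untouched.
     */
    private String stripXSS(String value) {
        if (value == null) {
            return null;
        }
        // Avoid null characters (the original's replaceAll("\0", "") lost its NUL in the copy)
        value = value.replace("\0", "");
        for (Pattern pattern : BLACKLIST) {
            value = pattern.matcher(value).replaceAll("");
        }
        return value;
    }

    /** Returns the unfiltered request this wrapper was built on. */
    public HttpServletRequest getOrgRequest() {
        return orgRequest;
    }

    /**
     * Unwraps {@code req} if it is one of these wrappers; otherwise returns it as is.
     *
     * @param req a request that may or may not be wrapped
     * @return the unfiltered request
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
        if (req instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) req).getOrgRequest();
        }
        return req;
    }
}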
3.XssRspFilter
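import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import com.talent.zdjf.wrapper.XssHttpServletResponseWrapper;

/**
 * Servlet filter that buffers the response body written through {@code getWriter()},
 * runs it through {@link XssHttpServletResponseWrapper#filterRspInfo} and then writes the
 * result to the real response.
 *
 * <p>Security note: deleting blacklisted text from the rendered page is not a reliable
 * XSS control — anything the single regex does not match passes, and legitimate
 * script/markup that happens to match is corrupted. Treat it as defense-in-depth; encode
 * output by context in the view instead.
 *
 * <p>Limitations of the approach (see the wrapper): only {@code getWriter()} is captured,
 * so a body sent through {@code getOutputStream()} is never filtered; the whole body is
 * held in memory; and the bytes are always emitted as UTF-8 regardless of the charset the
 * application declared on the response (kept from the original — verify that matches the
 * application's {@code Content-Type}).
 *
 * <p>Fixes relative to the original: a non-HTTP response is passed through instead of
 * failing on the cast; the unused cast of the request was dropped; nothing is written when
 * the wrapper captured no output (the servlet may have written via
 * {@code getOutputStream()} or redirected, and an empty write would only flush/commit it);
 * and {@code Content-Length} is re-declared for the filtered body, since the scrub can
 * shorten it and a stale length set by the application would truncate the page.
 */
public class XssRspFilter implements Filter {

    FilterConfig filterConfig = null;

    /** Stores the container-supplied configuration; nothing else is read from it. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** Buffers, scrubs and re-emits the response body (see class comment). */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(response instanceof HttpServletResponse)) {
            // Not an HTTP exchange: nothing to buffer, pass straight through.
            chain.doFilter(request, response);
            return;
        }
        XssHttpServletResponseWrapper buffered =
                new XssHttpServletResponseWrapper((HttpServletResponse) response);
        chain.doFilter(request, buffered);

        // Empty buffer means nothing went through the wrapper's getWriter(): either there
        // is no body, or it already reached the real response via getOutputStream(). Leave
        // it alone rather than flushing an empty write on top of it.
        if (buffered.getCharArrayWriter().size() == 0) {
            return;
        }
        String output = buffered.filterRspInfo(buffered.getCharArrayWriter());
        byte[] bytes = output.getBytes(StandardCharsets.UTF_8);
        // Ignored by the container if the response is already committed.
        response.setContentLength(bytes.length);
        response.getOutputStream().write(bytes);
        response.getOutputStream().flush();
    }

    /** Releases the configuration reference on shutdown. */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }
}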
4.XssHttpServletResponseWrapper
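import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/**
 * Response wrapper that captures everything written through {@link #getWriter()} into an
 * in-memory buffer so a filter can post-process the body before it reaches the client.
 *
 * <p>Limitations visible in this class:
 * <ul>
 *   <li>Only {@code getWriter()} is intercepted. Output sent through
 *       {@code getOutputStream()} goes straight to the wrapped response and is never
 *       filtered.</li>
 *   <li>The whole body is held in memory; large responses cost proportionally.</li>
 *   <li>{@link #filterRspInfo} is a single blacklist regex that deletes matching text from
 *       the page. It is trivially bypassed (anything not matching passes) and can also
 *       corrupt legitimate script/markup that happens to match. It is defense-in-depth at
 *       best; the real control is context-aware output encoding in the view.</li>
 * </ul>
 *
 * <p>Changes relative to the original: the blacklist {@link Pattern} is compiled once
 * instead of on every call; {@code getWriter()} returns one shared {@link PrintWriter}
 * rather than a new one per call (same buffer either way); and the {@code finalize()}
 * override was dropped — {@link CharArrayWriter#close()} is documented as a no-op and
 * finalizers are deprecated. The original also carried several commented-out extra
 * patterns (hex-encoded {@code javascript:alert}, {@code onmouseover}, {@code <img}
 * payloads); they were inactive and are not reproduced here.
 */
public class XssHttpServletResponseWrapper extends HttpServletResponseWrapper {

    /** Blacklist applied to the buffered body by {@link #filterRspInfo}; regex text unchanged. */
    private static final Pattern[] BODY_BLACKLIST = {
        Pattern.compile("[\"|'][\\+|\\=|\\*|\\^|\\&|\\-]{1,}.*?(alert|eval){1}.*?([\\+|\\=|\\*|\\^|\\&|\\-]{1,}\"){1}")
    };

    /** Everything written through {@link #getWriter()} lands here. */
    private final CharArrayWriter charArrayWriter = new CharArrayWriter();

    /** Lazily created, shared writer over {@link #charArrayWriter}. */
    private PrintWriter writer;

    public XssHttpServletResponseWrapper(HttpServletResponse response) {
        super(response);
    }

    /**
     * Returns a writer over the in-memory buffer instead of the real response.
     * The same instance is returned on every call.
     */
    @Override
    public PrintWriter getWriter() throws IOException {
        if (writer == null) {
            writer = new PrintWriter(charArrayWriter);
        }
        return writer;
    }

    /** Exposes the capture buffer so the owning filter can read or measure it. */
    public CharArrayWriter getCharArrayWriter() {
        return charArrayWriter;
    }

    /**
     * Returns the buffer's text with every occurrence of each blacklist match removed.
     *
     * <p>For each pattern the matcher runs over the text as it was before that pattern was
     * applied; each hit is then removed (all occurrences of that literal) from the working
     * copy — the same order of operations as the original loop.
     *
     * @param charArrayWriter buffer holding the captured body
     * @return the scrubbed body
     */
    public String filterRspInfo(CharArrayWriter charArrayWriter) {
        String body = charArrayWriter.toString();
        for (Pattern pattern : BODY_BLACKLIST) {
            Matcher matcher = pattern.matcher(body);
            String working = body;
            while (matcher.find()) {
                working = working.replace(matcher.group(), "");
            }
            body = working;
        }
        return body;
    }
}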
参考资料:
http://www.cnblogs.com/ITtangtang/p/3982297.html