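[安全牛 Study Notes] Reflected XSS: How the Vulnerability Works and How to Fix It
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 16:06
Reflected XSS
How the vulnerability works and how to fix it
1. Common trigger scenarios
2. How the vulnerability works
3. Impact of the vulnerability
4. Some tips
5. How to avoid & fix the vulnerability
User data is output directly to the browser without any security handling.
Search: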
www-data@:~/controller$ vim searchController.class.php
<?php
class searchController extends baseController{
    public $conn;

    public function searchAction()
    {
        // User-controlled input; handed to the template unchanged
        $keyword = request('keyword');
        if( $keyword && $this->loged){
            $model = new searchModel();
            $feeds = $model->search($keyword);
            $username = $this->username;
            $url = '/index.php?c=mission&a=feed';
            // search.tpl echoes $keyword back into the page
            include 'tpl/search.tpl';
        }elseif($this->loged){
            $redirect = request('url');
            $url = '/index.php?c=mission&a=feed';
            $username = $this->username;
            include 'tpl/search.tpl';
        }else{
            // Not logged in: send the user to the login page first
            $redirectURL = urlencode('http://poper.com/index.php?c=search&a=search');
            header("Location: /index.php?c=index&url=".$redirectURL);
        }
    }
}
---------------------------------------------------------------------------------
www-data@:~/controller$ vim searchModel.class.php
<?php
class searchModel extends baseModel{
    public $conn;

    public function __construct(){
        parent::__construct();
    }

    public function search($keyword){
        $keyword = '%'.$keyword.'%';
        // The keyword is bound as a parameter of a prepared statement
        $sql = "select username,url,content,time from mission where content like ?";
        $db_prepare = $this->conn->prepare($sql);
        $db_prepare->execute(array($keyword));
        $result = $db_prepare->fetchAll();
        return $result;
    }
}
---------------------------------------------------------------------------------
www-data@:~/controller$ vim search.tpl
<?php
include 'head.tpl';
?>
<div class="container">
  <div class="row row-offcanvas row-offcanvas-right">
    <div class="panel panel-default col-xs-12 col-sm-9">
      <div class="panel-body">
        <span> please enter the username you want to search: </span>
        <br>
        <div class="Center">
          <form action="/index.php?c=search&a=search" method="post">
            <div class="input-group input-group-lg">
              <input type="text" name="keyword" class="form-control missionKeyword">
              <span class="input-group-addon missionSearch">Search</span>
            </div>
          </form>
          <?php /* Vulnerable: $keyword is echoed into the page without escaping */ ?>
          <span>here is the result for:<?php echo $keyword;?> </span>
          <?php /* Fix: <span>here is the result for:<?php echo htmlspecialchars($keyword);?> </span> */ ?>
          <?php
          if(isset($feeds)){
              foreach($feeds as $feed){
                  echo '<ul class="list-group">';
                  echo '<li class="list-group-item">';
                  $mission_username = $feed['username'];
                  $mission_url = $feed['url'];
                  $mission_content = $feed['content'];
                  $mission_time = $feed['time'];
                  include 'feeds.tpl';
                  echo '</li>';
                  echo '</ul>';
          }}?>
        </div>
      </div>
    </div>
    <div class="col-xs-6 col-sm-3 sidebar-offcanvas" id="sidebar" role="navigation">
      <ul class="list-group">
        <li class="list-group-item"><a href="/index.php?c=mission&a=feed&class=all"><span class="glyphicon glyphicon-tower"></span> All</a></li>
        <li class="list-group-item"><a href="/index.php?c=mission&a=feed&class=tech"><span class="glyphicon glyphicon-th-list"></span> tech</a></li>
        <li class="list-group-item"><a href="/index.php?c=mission&a=feed&class=news"><span class="glyphicon glyphicon-th-list"></span> news</a></li>
        <li class="list-group-item"><a href="/index.php?c=mission&a=feed&class=other"><span class="glyphicon glyphicon-th-list"></span> other</a></li>
      </ul>
    </div>
  </div>
</div>
<?php
include 'footer.tpl';
?>
---------------------------------------------------------------------------------
www-data@w:~/tpl$ vim feeds.tpl
<div class="media">
  <a class="media-left media-middle" href="#">
    <img data-src="holder.js/75x75" alt="75x75" style="width: 75px; height: 75px;">
  </a>
  <div class="media-body">
    <h4 class="media-heading">user:<a href="" class="mission-username"><?php echo $mission_username; ?></a></h4>
    <p class="mission-url">url:<?php echo $mission_url; ?></p>
    <p class="mission-content">content:<?php echo $mission_content; ?></p>
    <p class="mission-time">time:<?php echo $mission_time; ?></p>
    <p class="mission-delete"><a href="<?php echo $delete; ?>">delete</a></p>
  </div>
</div>
---------------------------------------------------------------------------------
<script>alert("test for search")</script>
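1. Find a reflected XSS vulnerability
2. Send the URL to someone else
3. They click and open the URL
Impact of the vulnerability:
Stealing the user's cookies, forging requests as the user, persisting the reflected XSS so that it can be used as stored XSS, and so on.
Executing arbitrary JavaScript code in the user's browser.
Some tips
Fixing the vulnerability:
Whenever user-controllable data is output, escape or encode it.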
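The fix above applied per output context, as an added example that is not part of the original notes: the notes only show the HTML text case in search.tpl, while the same $keyword needs a different encoding when it lands in an attribute, a URL or an inline script. The helper names html(), urlParam() and js() and the extra output lines are assumptions for illustration; js() needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers, one per output context.

// HTML text and quoted attribute values: escapes & < > " and '.
// ENT_QUOTES is passed explicitly because before PHP 8.1 the default
// flag (ENT_COMPAT) left single quotes unescaped.
function html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Value used as a query-string parameter inside an href attribute:
// percent-encode for the URL first, then escape for the attribute.
function urlParam(string $s): string {
    return html(rawurlencode($s));
}

// Value used as a JavaScript string literal inside an inline <script>.
// The JSON_HEX_* flags emit < > & ' " as \uXXXX escapes, so the value
// cannot contain a literal "</script>" that would end the element.
function js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_THROW_ON_ERROR
    );
}

// Constructed input: the test string used in the notes.
$keyword = '<script>alert("test for search")</script>';
?>
<!-- HTML text context (the case fixed in search.tpl) -->
<span>here is the result for:<?php echo html($keyword); ?> </span>

<!-- Quoted attribute context -->
<input type="text" name="keyword" value="<?php echo html($keyword); ?>">

<!-- URL parameter inside an href attribute -->
<a href="/index.php?c=search&amp;a=search&amp;keyword=<?php echo urlParam($keyword); ?>">search again</a>

<!-- JavaScript string context -->
<script>var keyword = <?php echo js($keyword); ?>;</script>
```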