Posted by: 冷日  Posted: 2014/4/9 7:55:30
A general-purpose PHP XSS filter function, and the PHP function Discuz uses to prevent XSS attacks by filtering dangerous HTML tags and attributes
Author: SNSGOU  Published: 2013-07-01 21:13:18  Category: Network basics / Web security
XSS attacks are very much in fashion lately: one careless spot in a piece of code is enough for someone to plant an XSS payload in it. Someone abroad has written a function for this, so we will be lazy and quietly paste it here...
The original text reads:
The goal of this function is to be a generic function that can be used to parse almost any input and render it XSS safe. For more information on actual XSS attacks, check out http://ha.ckers.org/xss.html. Another excellent site is the XSS Database which details each attack and how it works.
Original source: A general-purpose PHP XSS filter function, and the PHP function Discuz uses to prevent XSS attacks by filtering dangerous HTML tags and attributes - PHP blog | PHP development | Linux operations | server architecture | 钱运来
<?php
function RemoveXSS($val) {
    // remove all non-printable characters. TAB (0x09), LF (0x0a) and CR (0x0d) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
    // (the original range stopped at \x19; \x1a-\x1f are control characters too and are stripped here as well)
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents things like <IMG SRC=&#X6A&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A...> ("javascript:" spelled in hex entities)
    // '<', '>' and the space are deliberately missing from $search: decoding &#60; into '<' would turn escaped text into markup
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the ;, which is optional
        // 0{0,8} matches any padded zeros, which are optional and go up to 8 chars

        // &#x0040 @ search for the hex values
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
        // &#00064 @ search for the decimal values
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml',
        'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame',
        'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
        'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus',
        'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate',
        'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu',
        'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
        'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend',
        'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop',
        'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus',
        'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup',
        'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter',
        'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup',
        'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange',
        'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart',
        'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll',
        'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop',
        'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    // between two letters of a keyword, tolerate any run of TAB/LF/CR, literal or
                    // written as hex/decimal entities. The original matched only the entity forms
                    // and had two typos here: [9ab] (0x0b is VT, not CR) and [9|10|13], which is a
                    // character class of single characters rather than the alternation (9|10|13)
                    $pattern .= '(';
                    $pattern .= '[\t\n\r]';
                    $pattern .= '|(&#[xX]0{0,8}[9ad];)';
                    $pattern .= '|(&#0{0,8}(9|10|13);)';
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
        }
        // this check belongs after the inner loop: in the original it sat inside it, so the first
        // keyword that matched nothing ended the outer loop even when a later keyword in the same
        // round was still being replaced
        if ($val_before == $val) {
            $found = false; // no replacements were made, so exit the loop
        }
    }

    return $val;
}
?>
After filtering like this, the chance of being attacked should be a lot lower, right? Give it a try. Keep in mind what the function does and does not do: it decodes numeric entities for ordinary characters and breaks up the words listed in $ra1 and $ra2 by inserting <x>, but every tag and attribute that is not on those lists passes through untouched, and the return value is still raw HTML. It narrows the attack surface rather than removing it.
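The second step of RemoveXSS runs two preg_replace calls for each of the 94 characters in $search. The following is an added example, not code from the article or from the RemoveXSS author, that does the same normalisation in one pass with preg_replace_callback and makes the design decision behind $search explicit. The function name normalizeNumericEntities and the sample strings are this example's own; '&' is kept encoded here, which RemoveXSS does not do.

```php
<?php
// Added example (not from the original article): one-pass decoding of numeric
// character references for printable ASCII, the general form of the loop that
// RemoveXSS runs once per character in $search. Zero padding ("&#0000106") and
// a missing trailing ";" are accepted, as RemoveXSS does, because browsers accept them.
function normalizeNumericEntities(string $val): string
{
    // Like RemoveXSS, '<' and '>' are deliberately NOT decoded: turning "&#60;"
    // into "<" would create markup out of text that was escaped on purpose.
    // '&' is left alone as well (a deviation from RemoveXSS, which decodes it),
    // so that one decode cannot manufacture a second entity out of "&#38;#60;".
    $keep = ['<', '>', '&'];

    return preg_replace_callback(
        '/&#(?:[xX]0*([0-9a-fA-F]{1,6})|0*([0-9]{1,7}));?/',
        function (array $m) use ($keep): string {
            // group 1 is the hex digits, group 2 the decimal digits; exactly one is non-empty
            $cp = ($m[1] !== '') ? hexdec($m[1]) : (int) $m[2];
            if ($cp < 0x20 || $cp > 0x7e) {
                return $m[0];               // not printable ASCII: leave the reference as it is
            }
            $ch = chr($cp);
            return in_array($ch, $keep, true) ? $m[0] : $ch;
        },
        $val
    );
}

// Constructed sample inputs for this example (not taken from the article).
$samples = [
    'javascript:alert(1)',                 // nothing to decode
    '&#106;avascript:alert(1)',            // decimal reference with ';'
    '&#x6A&#x61&#x76&#x61script:alert(1)', // hex references without ';'
    '&#0000106;avascript:alert(1)',        // zero-padded decimal reference
    'a &#60;b&#62; c &#38;#60;',           // '<', '>' and '&' stay encoded
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, normalizeNumericEntities($s));
}
```

The first four samples all normalise to a string starting with "javascript:", which is exactly what lets the keyword step that follows in RemoveXSS see the word; the last sample comes back unchanged. Run it with `php normalize.php` (any file name works) on PHP 7.0 or later.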
The PHP function Discuz uses to prevent XSS attacks by filtering dangerous HTML tags and attributes
// block HTML
// checkperm() and shtmlspecialchars() are Discuz framework helpers
// (permission lookup and a wrapper around htmlspecialchars); they are not defined here
function checkhtml($html) {
    $html = stripslashes($html);
    if(!checkperm('allowhtml')) {

        preg_match_all("/\<([^\<]+)\>/is", $html, $ms);

        $searchs = array();
        $replaces = array();
        $searchs[] = '<';
        $replaces[] = '&lt;';
        $searchs[] = '>';
        $replaces[] = '&gt;';

        if($ms[1]) {
            // allowed tags
            $allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li|blockquote|object|param|embed';
            $ms[1] = array_unique($ms[1]);
            foreach ($ms[1] as $value) {
                $searchs[] = "<".$value.">";
                $value = shtmlspecialchars($value);
                $value = str_replace(array('\\','/*'), array('.','/.'), $value);
                // attribute names and keywords that are blanked out with '.' wherever they appear
                $skipkeys = array(
                    'onabort','onactivate','onafterprint','onafterupdate',
                    'onbeforeactivate','onbeforecopy','onbeforecut',
                    'onbeforedeactivate','onbeforeeditfocus','onbeforepaste',
                    'onbeforeprint','onbeforeunload','onbeforeupdate',
                    'onblur','onbounce','oncellchange','onchange',
                    'onclick','oncontextmenu','oncontrolselect',
                    'oncopy','oncut','ondataavailable',
                    'ondatasetchanged','ondatasetcomplete','ondblclick',
                    'ondeactivate','ondrag','ondragend',
                    'ondragenter','ondragleave','ondragover',
                    'ondragstart','ondrop','onerror','onerrorupdate',
                    'onfilterchange','onfinish','onfocus','onfocusin',
                    'onfocusout','onhelp','onkeydown','onkeypress',
                    'onkeyup','onlayoutcomplete','onload',
                    'onlosecapture','onmousedown','onmouseenter',
                    'onmouseleave','onmousemove','onmouseout',
                    'onmouseover','onmouseup','onmousewheel',
                    'onmove','onmoveend','onmovestart','onpaste',
                    'onpropertychange','onreadystatechange','onreset',
                    'onresize','onresizeend','onresizestart',
                    'onrowenter','onrowexit','onrowsdelete',
                    'onrowsinserted','onscroll','onselect',
                    'onselectionchange','onselectstart','onstart',
                    'onstop','onsubmit','onunload','javascript',
                    'script','eval','behaviour','expression',
                    'style','class'
                );
                $skipstr = implode('|', $skipkeys);
                $value = preg_replace(array("/($skipstr)/i"), '.', $value);
                // the tag name (optionally preceded by '/') must be on the allowed list
                if(!preg_match("/^[\/|\s]?($allowtags)(\s+|$)/is", $value)) {
                    $value = '';
                }
                $replaces[] = empty($value)?'':"<".str_replace('&quot;', '"', $value).">";
            }
        }
        $html = str_replace($searchs, $replaces, $html);
    }
    $html = addslashes($html);

    return $html;
}
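Both functions on this page work on the raw byte stream with regular expressions: RemoveXSS has to decode entities itself before it can recognise a keyword, and checkhtml() decides what a tag is from the text between "<" and ">". The following added example, which is neither Discuz code nor part of the original article, does the job checkhtml() sets out to do (keep an allowlist of tags, strip dangerous attributes) on the tree built by PHP's bundled HTML parser, so the decision is made on the same structure the browser will render, and entity-encoded or whitespace-padded URL schemes arrive already decoded. The class name AllowlistSanitizer, the tag and attribute lists, the URL scheme list and the sample inputs are all this example's own assumptions; unlike Discuz's $allowtags, the list here leaves out object/param/embed and unwraps font instead of keeping it.

```php
<?php
// Added example: not Discuz code and not from the original article.
// DOM-based allowlist sanitiser for untrusted HTML fragments.
final class AllowlistSanitizer
{
    // tag => attributes allowed on that tag (this example's own list)
    private const ALLOWED = [
        'a' => ['href', 'title'],
        'img' => ['src', 'alt', 'width', 'height'],
        'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
        'u' => [], 'span' => [], 'div' => [], 'ol' => [], 'ul' => [], 'li' => [],
        'blockquote' => [], 'table' => [], 'tbody' => [], 'caption' => [],
        'tr' => [], 'td' => [], 'th' => [],
    ];
    // Disallowed tags whose content is dropped too; any other disallowed tag is
    // unwrapped, i.e. replaced by its (already sanitised) children.
    private const DROP_WITH_CONTENT = [
        'script', 'style', 'iframe', 'frame', 'frameset', 'object', 'embed',
        'applet', 'meta', 'link', 'base', 'title', 'svg', 'math', 'noscript',
    ];
    // Only these schemes may appear in href/src; "javascript:", "data:" and
    // "vbscript:" are rejected by omission, however they are spelled.
    private const URL_SCHEMES = ['http', 'https', 'mailto'];

    public static function sanitize(string $html): string
    {
        $doc = new DOMDocument();
        $prev = libxml_use_internal_errors(true); // unknown tags only produce warnings
        $doc->loadHTML(
            '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>'
            . '<body>' . $html . '</body></html>'
        );
        libxml_clear_errors();
        libxml_use_internal_errors($prev);

        $body = $doc->getElementsByTagName('body')->item(0);
        self::walk($body);

        // Only the children of <body> are serialised; the serialiser re-escapes
        // text nodes and attribute values, so no manual encoding step is needed.
        $out = '';
        foreach ($body->childNodes as $child) {
            $out .= $doc->saveHTML($child);
        }
        return $out;
    }

    private static function walk(DOMNode $node): void
    {
        // childNodes is a live list and we mutate it, so iterate over a copy
        foreach (iterator_to_array($node->childNodes, false) as $child) {
            if ($child instanceof DOMElement) {
                self::walk($child);           // children first, so unwrapping lifts clean nodes
                self::filterElement($child);
            } elseif (!($child instanceof DOMText)) {
                $node->removeChild($child);   // comments, processing instructions: nothing to keep
            }
        }
    }

    private static function filterElement(DOMElement $el): void
    {
        $tag = strtolower($el->tagName);
        $parent = $el->parentNode;
        if (!isset(self::ALLOWED[$tag])) {
            if (!in_array($tag, self::DROP_WITH_CONTENT, true)) {
                while ($el->firstChild !== null) {
                    $parent->insertBefore($el->firstChild, $el);
                }
            }
            $parent->removeChild($el);
            return;
        }
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            // $attr->value is already entity-decoded by the parser
            $unsafeUrl = ($name === 'href' || $name === 'src') && !self::safeUrl($attr->value);
            if (!in_array($name, self::ALLOWED[$tag], true) || $unsafeUrl) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    private static function safeUrl(string $url): bool
    {
        // Browsers ignore tabs and newlines inside a scheme ("java\tscript:"),
        // so strip control characters and spaces before looking at it.
        $clean = preg_replace('/[\x00-\x20]+/', '', $url);
        if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $clean, $m)) {
            return true; // no scheme at all: a relative URL
        }
        return in_array(strtolower($m[1]), self::URL_SCHEMES, true);
    }
}

// Constructed inputs for this example (not samples from the article).
$samples = [
    '<p>Hello <b>world</b></p>',
    '<a href="&#106;avascript:alert(1)">x</a>',   // scheme spelled with an entity
    "<a href=\"java\tscript:alert(1)\">y</a>",   // tab inside the scheme
    '<img src="/i.png" onerror="alert(1)">',       // event-handler attribute
    '<script>alert(1)</script><i>kept</i>',        // dropped together with its content
    '<font color="red">unwrapped</font><!-- gone -->',
];
foreach ($samples as $s) {
    printf("%-50s => %s\n", $s, AllowlistSanitizer::sanitize($s));
}
```

With these inputs the two links lose their href, the img loses onerror, the script element disappears entirely, and font is replaced by its text. Because the parser decodes "&#106;" before safeUrl() ever sees the value, there is no separate entity-normalisation step to keep in sync with the blacklist, which is the maintenance burden both regex filters on this page carry.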