While building a PHP site recently, I had XSS and SQL Injection in mind. Back in ASP I used string filtering: when a user submitted certain attack strings, the application raised a warning or stopped processing the request.

PHP has a security tool for this, PHPIDS. It mainly uses regular expressions to filter attack strings, and it is both powerful and easy to use. Following the steps described in docs\examples\example.php, PHPIDS can be set up very easily.

As for logging, by default it writes records automatically under lib\IDS\tmp, and this can be extended to send Email notifications or to store the events in a DB. The official site also updates the rule file from time to time to guard against new attack techniques.

Below is a sample detection result from example.php:
Total impact: 72
Affected tags: xss, csrf, id, rfe, lfi, sqli
Variable: REQUEST.test | Value: ">
Impact: 36 | Tags: xss, csrf, id, rfe, lfi, sqli
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects url-, name-, JSON, and referrer-contained payload attacks | Tags: xss, csrf | ID: 4
Description: Detects possible includes and typical script methods | Tags: xss, csrf, id, rfe | ID: 16
Description: Detects JavaScript object properties and methods | Tags: xss, csrf, id, rfe | ID: 17
Description: Detects very basic XSS probings | Tags: xss, csrf, id, rfe | ID: 21
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38
Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID: 45
Variable: GET.test | Value: ">
Impact: 36 | Tags: xss, csrf, id, rfe, lfi, sqli
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects url-, name-, JSON, and referrer-contained payload attacks | Tags: xss, csrf | ID: 4
Description: Detects possible includes and typical script methods | Tags: xss, csrf, id, rfe | ID: 16
Description: Detects JavaScript object properties and methods | Tags: xss, csrf, id, rfe | ID: 17
Description: Detects very basic XSS probings | Tags: xss, csrf, id, rfe | ID: 21
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38
Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID: 45
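As an added example (not code from the original post or from PHPIDS itself), here is a minimal PHP entry point that ties the steps above together: run the monitor over the request, fan the report out to the file logger and an e-mail logger, and stop processing once the impact is high. The lib/ location and the threshold of 24 are assumptions; the class names follow the PHPIDS 0.6/0.7 API.

```php
<?php
// Added example, not code from the original post or from PHPIDS itself:
// run PHPIDS over the current request, write findings to the default
// file log plus an e-mail notification, and stop processing when the
// total impact is high. Class names follow the PHPIDS 0.6/0.7 API;
// the lib/ location and the threshold of 24 are assumptions.
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/lib');

require_once 'IDS/Init.php';
require_once 'IDS/Monitor.php';
require_once 'IDS/Log/Composite.php';
require_once 'IDS/Log/File.php';
require_once 'IDS/Log/Email.php';

// Inspect every input source the application reads; each key becomes the
// "Variable:" prefix seen in the report (REQUEST.test, GET.test, ...).
$request = array(
    'REQUEST' => $_REQUEST,
    'GET'     => $_GET,
    'POST'    => $_POST,
    'COOKIE'  => $_COOKIE,
);

// Load Config.ini.php and point base_path at lib/IDS so the rule file and
// the tmp/ log directory resolve regardless of the working directory.
$init = IDS_Init::init(dirname(__FILE__) . '/lib/IDS/Config/Config.ini.php');
$init->config['General']['base_path']     = dirname(__FILE__) . '/lib/IDS/';
$init->config['General']['use_base_path'] = true;

$ids    = new IDS_Monitor($request, $init);
$result = $ids->run();

if (!$result->isEmpty()) {
    // File logger appends under lib/IDS/tmp (the default noted in the post);
    // the e-mail logger takes recipients and subject from the [Logging]
    // section of Config.ini.php. Composite fans one result out to both.
    $log = new IDS_Log_Composite();
    $log->addLogger(IDS_Log_File::getInstance($init));
    $log->addLogger(IDS_Log_Email::getInstance($init));
    $log->execute($result);

    // Same policy the post used in ASP: warn on low impact, stop on high.
    if ($result->getImpact() >= 24) {
        header('HTTP/1.1 403 Forbidden');
        exit('Request blocked: suspicious input detected.');
    }
    error_log('PHPIDS warning, impact ' . $result->getImpact());
}
```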
References:
PHPIDS
A monitoring platform for web site security: PHPIDS
PHPIDS: a PHP intrusion detection system
Cross-Site Scripting (XSS)
Filtering SQL injection from Classic ASP