关于ASP网站XSS漏洞,请帮忙过滤一下,谢谢
发布网友
发布时间:2022-04-24 13:00
共2个回答
热心网友
时间:2022-05-03 01:46
Dim Str
Str = ChkStr
If IsNull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str, "&", "&")
Str = Replace(Str, "'", "´")
Str = Replace(Str, """", """)
Str = Replace(Str, "<", "<")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "/", "/")
Str = Replace(Str, "*", "*")
Dim re
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
re.Pattern = "(w)(here)"
Str = re.Replace(Str, "$1here")
re.Pattern = "(s)(elect)"
Str = re.Replace(Str, "$1elect")
re.Pattern = "(i)(nsert)"
Str = re.Replace(Str, "$1nsert")
re.Pattern = "(c)(reate)"
Str = re.Replace(Str, "$1reate")
re.Pattern = "(d)(rop)"
Str = re.Replace(Str, "$1rop")
re.Pattern = "(a)(lter)"
Str = re.Replace(Str, "$1lter")
re.Pattern = "(d)(elete)"
Str = re.Replace(Str, "$1elete")
re.Pattern = "(u)(pdate)"
Str = re.Replace(Str, "$1pdate")
re.Pattern = "(\s)(or)"
Str = re.Replace(Str, "$1or")
re.Pattern = "(\n)"
Str = re.Replace(Str, "$1or")
'----------------------------------
re.Pattern = "(java)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(j)(script)"
Str = re.Replace(Str, "$1script")
re.Pattern = "(vb)(script)"
Str = re.Replace(Str, "$1script")
'----------------------------------
If Instr(Str, "expression") > 0 Then
Str = Replace(Str, "expression", "expression", 1, -1, 0) '防止xss注入
End If
Set re = Nothing
Checkxss = Str
End Function
使用方法:Checkxss(request.QueryString("变量")),或者Checkxss(request.form("表单名"))
追问你上面的是回答的哪一个文件的,且应该将那代码插入到哪个位置,方便留个邮箱吗,我将这两个文件直接发你,你帮我修改好,可以吗
追答放到Title=Checkxss(Trim(request("Title")))这里。Function Checkxss(byVal ChkStr)这段代码可以保存为一个文件,然后用include file方式调用即可。
热心网友
时间:2022-05-03 03:04
网站被黑客攻击,说明你的网站存在很多安全隐患,漏洞之类的,就算登录服务器找到源文件修复了,也会被黑客再次入侵,所以只有把网站的所有漏洞找出来进行修复,防止黑客的攻击,避免安全事故发生,造成网页挂马、网页内容被篡改、数据泄露等,可以找专业的网络安全公司来服务!国内也就Sinesafe和绿盟等安全公司 比较专业.
声明:本网页内容为用户发布,旨在传播知识,不代表本网认同其观点,若有侵权等问题请及时与本网联系,我们将在第一时间删除处理。
E-MAIL:11247931@qq.com
E-MAIL:11247931@qq.com