Home Backend Development PHP Tutorial 360扫描网站揭示有漏洞

360扫描网站揭示有漏洞

Jun 13, 2016 pm 01:17 PM
escape htmlspecialchars request

360扫描网站提示有漏洞

我已经对输入字符串过滤了,但是还会提示。请问如何解决
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key']);过滤方法。

search.php?key=Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E

用户输入这个就会在我网站最上面显示网站名称。不解

------解决方案--------------------
Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E
不知道你的这个串是哪里来的

Your Story

<script>alert(42873);</script>

------解决方案--------------------
简单的说,addslashes这个只能过滤单引号,其他字符并不能转义,htmlspecialchars这函数不要忘记使用
------解决方案--------------------
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key']);过滤方法。

你这段代码没啊。。。。。

PHP code

function escape($value)
{
    $value = is_array($value) ? array_map('escape',$value):htmlspecialchars(trim($value));
    return get_magic_quotes_gpc()?$value:addslashes($value);
}
$_GET     = array_map('escape', $_GET); 
$_POST     = array_map('escape', $_POST); 
$_COOKIE     = array_map('escape', $_COOKIE); 
$_REQUEST     = array_map('escape', $_REQUEST);
<br><font color="#e78608">------解决方案--------------------</font><br>addslashes是过滤单引号和NULL字符的, 对标签根本无效, 要展示给用户的非文档内容一律htmlspecialchars.
<br><font color="#e78608">------解决方案--------------------</font><br>很明显是你根据用户提交的k拼接JS代码的时候出问题了, 估计你是希望将用户提交的key拼给JS动态展示给用户, 仔细检查JS拼接那里是否使用了htmlspecialchars吧. <div class="clear">
                 
              
              
        
            </div>
Copy after login
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

What does php request mean? What does php request mean? Jul 07, 2021 pm 01:49 PM

The Chinese meaning of request is "request". It is a global variable in PHP and is an array containing "$_POST", "$_GET" and "$_COOKIE". The "$_REQUEST" variable can obtain data and COOKIE information submitted by POST or GET.

What is the Request object in PHP? What is the Request object in PHP? Feb 27, 2024 pm 09:06 PM

The Request object in PHP is an object used to handle HTTP requests sent by the client to the server. Through the Request object, we can obtain the client's request information, such as request method, request header information, request parameters, etc., so as to process and respond to the request. In PHP, you can use global variables such as $_REQUEST, $_GET, $_POST, etc. to obtain requested information, but these variables are not objects, but arrays. In order to process request information more flexibly and conveniently, you can

How to use the urllib.request.urlopen() function to send a GET request in Python 3.x How to use the urllib.request.urlopen() function to send a GET request in Python 3.x Jul 30, 2023 am 11:28 AM

How to use the urllib.request.urlopen() function in Python3.x to send a GET request. In network programming, we often need to obtain data from a remote server by sending an HTTP request. In Python, we can use the urllib.request.urlopen() function in the urllib module to send an HTTP request and get the response returned by the server. This article will introduce how to use

The role and significance of Request in PHP The role and significance of Request in PHP Feb 27, 2024 pm 12:54 PM

The role and significance of Request in PHP In PHP programming, Request is a mechanism for sending requests to the Web server. It plays a vital role in Web development. Request is mainly used to obtain data sent by the client, such as form submission, GET or POST request, etc. Through Request, the data input by the user can be obtained, and the data can be processed and responded to. This article will introduce the role and significance of Request in PHP and give specific code examples.

How to encapsulate Vue3 Axios interceptor into request file How to encapsulate Vue3 Axios interceptor into request file May 19, 2023 am 11:49 AM

1. Create a new file called request.js and import Axios: importaxiosfrom'axios'; 2. Create a function called request and export it: This will create a function called request and export it Set up a new Axios instance with a base URL. To add timeout settings in a wrapped Axios instance, you can pass the timeout option when creating the Axios instance. exportconstrequest=axios.create({baseURL:'https://example.

What is request in PHP What is request in PHP Jun 01, 2023 am 10:12 AM

Request in PHP refers to request. It is a super global variable in PHP. It is used to collect data submitted by HTML forms and parameters in URLs. It can obtain data from GET and POST requests at the same time. Note that $_request is an associative array. , where the keys are the names of the form fields and the values ​​are the values ​​of the form fields. When using the $_request variable, user-entered data should always be validated and filtered to avoid security issues.

Detailed explanation of the usage of htmlspecialchars function in PHP Detailed explanation of the usage of htmlspecialchars function in PHP Jun 27, 2023 am 10:54 AM

Detailed explanation of the usage of htmlspecialchars function in PHP In web development, it is often necessary to display some user input content on the web page, such as article content, comment content, etc. However, if you display this content directly on a web page, you may encounter some security issues. For example, some users may embed some malicious scripts in comments, which, after being parsed by the browser, will pose a security threat to the website. To prevent this from happening, we need to filter and

How to use context to implement request parameter verification in Go How to use context to implement request parameter verification in Go Jul 22, 2023 am 08:23 AM

How to use context to implement request parameter verification in Go Introduction: During the back-end development process, we often need to verify the request parameters to ensure the legality of the parameters. The Go language provides the context package to handle request context information. Its elegant design and simple use make it a commonly used tool. This article will introduce how to use Go's context package to implement request parameter verification and give corresponding code examples. Introduction to the context package In Go, the context package is used to deliver

See all articles