360扫描网站揭示有漏洞 -PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

360扫描网站揭示有漏洞

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 01:17 PM

escape htmlspecialchars request

360扫描网站提示有漏洞

我已经对输入字符串过滤了，但是还会提示。请问如何解决
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key'])；过滤方法。

search.php?key=Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E

用户输入这个就会在我网站最上面显示网站名称。不解

------解决方案--------------------
Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E
不知道你的这个串是哪里来的

Your Story

PHP code


function escape($value)
{
    $value = is_array($value) ? array_map('escape',$value):htmlspecialchars(trim($value));
    return get_magic_quotes_gpc()?$value:addslashes($value);
}
$_GET     = array_map('escape', $_GET); 
$_POST     = array_map('escape', $_POST); 
$_COOKIE     = array_map('escape', $_COOKIE); 
$_REQUEST     = array_map('escape', $_REQUEST);
<br><font color="#e78608">------解决方案--------------------</font><br>addslashes是过滤单引号和NULL字符的, 对标签根本无效, 要展示给用户的非文档内容一律htmlspecialchars.
<br><font color="#e78608">------解决方案--------------------</font><br>很明显是你根据用户提交的k拼接JS代码的时候出问题了, 估计你是希望将用户提交的key拼给JS动态展示给用户, 仔细检查JS拼接那里是否使用了htmlspecialchars吧. <div class="clear">
                 
              
              
        
            </div>

Copy after login

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7577

CakePHP Tutorial

1386

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

111

Related knowledge

What does php request mean? Jul 07, 2021 pm 01:49 PM

The Chinese meaning of request is "request". It is a global variable in PHP and is an array containing "$_POST", "$_GET" and "$_COOKIE". The "$_REQUEST" variable can obtain data and COOKIE information submitted by POST or GET.

How to use the urllib.request.urlopen() function to send a GET request in Python 3.x Jul 30, 2023 am 11:28 AM

How to use the urllib.request.urlopen() function in Python3.x to send a GET request. In network programming, we often need to obtain data from a remote server by sending an HTTP request. In Python, we can use the urllib.request.urlopen() function in the urllib module to send an HTTP request and get the response returned by the server. This article will introduce how to use

What is the Request object in PHP? Feb 27, 2024 pm 09:06 PM

The Request object in PHP is an object used to handle HTTP requests sent by the client to the server. Through the Request object, we can obtain the client's request information, such as request method, request header information, request parameters, etc., so as to process and respond to the request. In PHP, you can use global variables such as $_REQUEST, $_GET, $_POST, etc. to obtain requested information, but these variables are not objects, but arrays. In order to process request information more flexibly and conveniently, you can

How to encapsulate Vue3 Axios interceptor into request file May 19, 2023 am 11:49 AM

1. Create a new file called request.js and import Axios: importaxiosfrom'axios'; 2. Create a function called request and export it: This will create a function called request and export it Set up a new Axios instance with a base URL. To add timeout settings in a wrapped Axios instance, you can pass the timeout option when creating the Axios instance. exportconstrequest=axios.create({baseURL:'https://example.

What is request in PHP Jun 01, 2023 am 10:12 AM

Request in PHP refers to request. It is a super global variable in PHP. It is used to collect data submitted by HTML forms and parameters in URLs. It can obtain data from GET and POST requests at the same time. Note that $_request is an associative array. , where the keys are the names of the form fields and the values are the values of the form fields. When using the $_request variable, user-entered data should always be validated and filtered to avoid security issues.

The role and significance of Request in PHP Feb 27, 2024 pm 12:54 PM

The role and significance of Request in PHP In PHP programming, Request is a mechanism for sending requests to the Web server. It plays a vital role in Web development. Request is mainly used to obtain data sent by the client, such as form submission, GET or POST request, etc. Through Request, the data input by the user can be obtained, and the data can be processed and responded to. This article will introduce the role and significance of Request in PHP and give specific code examples.

Detailed explanation of the usage of htmlspecialchars function in PHP Jun 27, 2023 am 10:54 AM

Detailed explanation of the usage of htmlspecialchars function in PHP In web development, it is often necessary to display some user input content on the web page, such as article content, comment content, etc. However, if you display this content directly on a web page, you may encounter some security issues. For example, some users may embed some malicious scripts in comments, which, after being parsed by the browser, will pose a security threat to the website. To prevent this from happening, we need to filter and

How to use context to implement request parameter verification in Go Jul 22, 2023 am 08:23 AM

How to use context to implement request parameter verification in Go Introduction: During the back-end development process, we often need to verify the request parameters to ensure the legality of the parameters. The Go language provides the context package to handle request context information. Its elegant design and simple use make it a commonly used tool. This article will introduce how to use Go's context package to implement request parameter verification and give corresponding code examples. Introduction to the context package In Go, the context package is used to deliver

See all articles