Backend Development
PHP Tutorial
The core of anti-injection cross-site attack in 360 webscan, 360webscan_PHP tutorial
The core of anti-injection cross-site attack in 360 webscan, 360webscan_PHP tutorial
360 webscan中防注入跨站攻击的核心,360webscan
<span>//</span><span>get拦截规则</span>
<span>$getfilter</span> = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\\(\d+?|sleep\s*?\\([\d\.]+?\\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"<span>;
</span><span>//</span><span>post拦截规则</span>
<span>$postfilter</span> = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\\(\d+?|sleep\s*?\\([\d\.]+?\\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"<span>;
</span><span>//</span><span>cookie拦截规则</span>
<span>$cookiefilter</span> = "benchmark\s*?\\(\d+?|sleep\s*?\\([\d\.]+?\\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";不多说。
你好朋友这说明你的网站有问题,建议你进入网站后台设置一下,如果还有问题,建议你到360论坛里发帖问问那里的工作人员。
webscan.360.cn/
咳咳,至于密码.......不知道是不是字典攻击呢
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1377
52
PHP secure coding tips: How to use the filter_input function to prevent cross-site scripting attacks
Aug 01, 2023 pm 08:51 PM
PHP secure coding tips: How to use the filter_input function to prevent cross-site scripting attacks In today's era of rapid Internet development, network security issues have become increasingly serious. Among them, cross-site scripting (XSS) is a common and dangerous attack method. To keep the website and users safe, developers need to take some precautions. This article will introduce how to use the filter_input function in PHP to prevent XSS attacks. learn
Avoid security risks of cross-site scripting attacks in PHP language development
Jun 10, 2023 am 08:12 AM
With the development of Internet technology, network security issues have attracted more and more attention. Among them, cross-site scripting (XSS) is a common network security risk. XSS attacks are based on cross-site scripting. Attackers inject malicious scripts into website pages to obtain illegal benefits by deceiving users or implanting malicious code through other methods, causing serious consequences. However, for websites developed in PHP language, avoiding XSS attacks is an extremely important security measure. because
Laravel Development Notes: Methods and Techniques to Prevent Cross-Site Scripting Attacks
Nov 22, 2023 pm 04:51 PM
Laravel is a popular PHP framework that provides many useful features and tools that make web application development easier and faster. However, as web applications continue to grow in complexity, security issues become increasingly important. One of the most common and dangerous security vulnerabilities is cross-site scripting (XSS). In this article, we will cover methods and techniques to prevent cross-site scripting attacks to protect your Laravel application from XSS attacks. What is a cross-site scripting attack?
How do XSS vulnerabilities work?
Feb 19, 2024 pm 07:31 PM
What is the principle of XSS attack? Specific code examples are needed. With the popularity and development of the Internet, the security of Web applications has gradually become the focus of attention. Among them, Cross-SiteScripting (XSS for short) is a common security vulnerability that web developers must pay attention to. XSS attacks are performed by injecting malicious script code into a Web page and executing it in the user's browser. This allows the attacker to control the user's browser and obtain the user's sensitive information.
The relationship between PHP Session cross-domain and cross-site scripting attacks
Oct 12, 2023 pm 12:58 PM
The relationship between PHPSession cross-domain and cross-site scripting attacks. With the widespread use of network applications, security issues have attracted increasing attention. When developing web applications, handling user sessions is a very common requirement. PHP provides a convenient session management mechanism - Session. However, Session also has some security issues, especially those related to cross-domain and cross-site scripting attacks. Cross-domain attack (Cross-Domain) refers to the attack through a website
How to avoid common security vulnerabilities in PHP development?
Nov 03, 2023 pm 08:06 PM
How to avoid common security vulnerabilities in PHP development? PHP is a commonly used server-side scripting language widely used in web development. However, due to its ease of use and flexibility, PHP applications are susceptible to various security threats. To protect web applications from hackers and data leaks, developers need to take some precautions. Here are some suggestions for avoiding common security vulnerabilities in PHP development. Input validation ensures that all user-entered data is validated and filtered. Don't rely on front-end validation as hackers can
How to solve cross-site scripting attacks in PHP development
Oct 09, 2023 pm 02:48 PM
How to solve cross-site scripting attacks in PHP development Cross-site scripting (XSS) is a common web security vulnerability. Using this vulnerability, attackers can execute malicious script code in the victim's browser. And then carry out some malicious acts. In PHP development, we need to take some measures to prevent and solve cross-site scripting attacks. 1. Data filtering and escaping For data obtained from user input, database query results, or other external sources, filtering and escaping are required.
Common security issues and solutions in Java development
Oct 09, 2023 pm 09:28 PM
Common security issues and solutions in Java development Summary: With the popularity of the Internet, information security issues have attracted more and more attention in Java development. This article will introduce common security issues in Java development and provide corresponding solutions and specific code examples. 1. SQL injection attack SQL injection attack is one of the most common and serious security vulnerabilities in web development. Attackers obtain or tamper with data in the database by modifying the SQL statements entered by the user. Workaround: Use parameterized queries or precompilation
