After using 360 to scan a website for vulnerabilities, I posted an article on how to fix the vulnerabilities it reports. Many readers still ran into problems, most of them at the step of finding the variable name: they did not know how to locate the vulnerable line or where to add the fix. That is understandable, because the variable names differ from program to program. So, to make the fix reusable across programs, this article walks step by step through locating the vulnerable code with regular expressions and adding the fix after it.
\$.+= \$_GET\['.+'\];
\$.+=\$_GET\['.+'\];
The above are the two regular expressions used in this article (the `$` and `[` metacharacters are escaped so they match literally). Note: the two lines are independent and cannot be pasted together as one search; use one regular expression per search.
If you use the comments-link-redirect plug-in written by Robin Bird, you must read this article, because this plug-in has a CRLF injection vulnerability (HTTP response splitting). I have reported it to Robin, and he said an update will follow. Let's start with this plug-in and see how to fix the vulnerability on your site.
First, open all PHP files that may contain the vulnerability in an editor that supports regular-expression search, such as Dreamweaver.
Open the search dialog (Ctrl+F) and check the "Use regular expressions" option.
Search with the two regular expressions above one after the other (one at a time, not both in one search). Each match is highlighted in the code view of the window.
The regular-expression search finds the following code:
$redirect = $_GET['r'];
Now the explanation. In the line above, `redirect` in `$redirect` is the variable name; in another program it may just as well be called `abcd` or `heheh`. Whatever it is called, we insert the following code immediately after that line:
$redirect = trim(str_replace("\r","",str_replace("\r\n","",strip_tags(str_replace("'","",str_replace("\n","",str_replace(" ","",str_replace("\t","",trim($redirect))))),"")))); // strips CR, LF, tab, space, quotes and HTML tags
The line above contains the variable name twice (`$redirect` on the left of `=` and inside the innermost `trim()`). If your program uses a different variable name, you must change both occurrences to match. Then paste the line directly below the vulnerable line, like this:
$redirect = $_GET['r'];
$redirect = trim(str_replace("\r","",str_replace("\r\n","",strip_tags(str_replace("'","",str_replace("\n","",str_replace(" ","",str_replace("\t","",trim($redirect))))),""))));
With the CR and LF characters removed before the value reaches the response header, the response-splitting vulnerability is closed.
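As an added example (not code from the original article or from Robin Bird's plug-in), the same cleanup written as a reusable function, followed by a stricter allowlist check for redirect targets; the function names and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original article or the comments-link-redirect plug-in.
// Function names and the sample inputs below are constructed for illustration.

/**
 * Strip characters that can terminate or split an HTTP header line.
 * Same intent as the article's nested str_replace() chain, expressed as a
 * single regular expression: remove CR, LF, NUL, tab, space, single quotes
 * and any HTML tags.
 */
function strip_header_breaking_chars(string $value): string
{
    $value = strip_tags(trim($value));
    // Single-quoted pattern so PCRE (not PHP) interprets \r \n \t \x00.
    return preg_replace('/[\r\n\t \'\x00]/', '', $value);
}

/**
 * Stricter check for a redirect target: accept only a relative path on this
 * site. A value that fails the check falls back to the site root instead of
 * being "cleaned", so an injected header can never reach header().
 */
function safe_redirect_target(string $value, string $fallback = '/'): string
{
    $clean = strip_header_breaking_chars($value);
    // Allow only /path?query#fragment targets: no scheme, no host,
    // no protocol-relative "//host" and only printable ASCII.
    if ($clean === '' || !preg_match('#^/(?!/)[\x21-\x7e]*$#', $clean)) {
        return $fallback;
    }
    return $clean;
}

// Constructed inputs, as the value of $_GET['r'] would arrive.
$samples = [
    "/comments/42"                   => "/comments/42",
    "/page\r\nX-Injected: 1"         => "/pageX-Injected:1", // CRLF removed, header cannot split
    "//evil.example/phish"           => "/",                 // protocol-relative target rejected
    "<script>alert(1)</script>/home" => "/",                 // tags stripped, remainder rejected
];
foreach ($samples as $in => $expected) {
    $out = safe_redirect_target($in);
    printf("%-40s => %s %s\n", json_encode($in), $out, $out === $expected ? 'ok' : 'MISMATCH');
}
```

PHP 5.1.2 and later refuse to send a header() containing a newline, so on a current PHP build the raw split would already fail; cleaning and validating the value before use still matters, because the same value may reach other sinks and an error page is not the redirect the user expected.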
Source of this article: http://www.yiduqiang.com/regex-find-crlf.html