
PHP filters stored XSS attacks

藏色散人
Release: 2023-04-08 07:40:01

A project I worked on recently was flagged by the testers for a stored XSS, so I am recording it here. The problem was an input field; the payload was:

"a" onclick=alert(1)>

The leading double quote closes the attribute value that the stored text is written into, and what follows adds an onclick handler to that element.

I had already done some XSS filtering, but it was incomplete. The backend receives the string from the input field and stores it, which is where the attack lands, so I combined what I had with some snippets found online into a simple, crude filter:

// Filter stored XSS attacks
public function safe_filter(&$string)
{
    // First pattern: control characters \x00-\x1f except tab, LF and CR
    // (the original class had stray commas in it, which also deleted every comma in the input).
    // The rest is a blacklist of tag names, attribute names and keywords, matched case-sensitively.
    $ra = Array('/([\x00-\x08\x0b\x0c\x0e-\x1f])/',
        '/script/', '/javascript/', '/vbscript/', '/expression/', '/applet/', '/meta/', '/xml/',
        '/blink/', '/link/', '/style/', '/embed/', '/object/', '/frame/', '/layer/', '/title/',
        '/bgsound/', '/base/',
        '/onload/', '/onunload/', '/onchange/', '/onsubmit/', '/onreset/', '/onselect/',
        '/onblur/', '/onfocus/', '/onabort/', '/onkeydown/', '/onkeypress/', '/onkeyup/',
        '/onclick/', '/ondblclick/', '/onmousedown/', '/onmousemove/', '/onmouseout/',
        '/onmouseover/', '/onmouseup/');
    // Do not run addslashes() on input that magic_quotes_gpc already escaped, to avoid double escaping.
    // get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call; on PHP 8 magic quotes never apply.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())
    {
        $string = addslashes($string);           // backslash-escape single quote ('), double quote ("), backslash (\) and NUL
    }
    $string = preg_replace($ra, '', $string);     // delete control characters and the blacklisted substrings (crude)
    $laststring = htmlentities(strip_tags($string)); // strip HTML and PHP tags, then encode &, <, >, quotes as HTML entities
    return $laststring;
}
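As an added example (my own code, not the article's), here is the contrast a reviewer would want next to safe_filter(): the substring blacklist damages ordinary text and is bypassed by a change of case or a nested token, while encoding at output time neutralises the payload above without touching the stored value. It assumes PHP 8 and UTF-8 pages; blacklist_strip() is a cut-down stand-in for the article's preg_replace() list, render_input() is a hypothetical template helper, and the sample strings are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not the article's code. Contrasts deleting blacklisted
// substrings at input time with encoding at output time. Assumes PHP 8, UTF-8.

// Minimal stand-in for the article's preg_replace() blacklist: the same
// case-sensitive, single-pass substring deletion, restricted to a few entries.
function blacklist_strip(string $s): string
{
    $patterns = ['/script/', '/onclick/', '/base/', '/meta/', '/title/'];
    return preg_replace($patterns, '', $s);
}

// Output encoding for HTML text and double-quoted attribute values. The stored
// value is left as typed; encoding happens where it is written into the page.
function encode_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical template helper: the <input> the article's payload broke out of.
function render_input(string $stored): string
{
    return '<input type="text" name="q" value="' . encode_html($stored) . '">';
}

// Tiny check helper so the script fails loudly instead of printing booleans.
function expect(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// 1. Benign text is damaged: every substring hit is deleted.
//    'Database' -> 'Data', 'metadata' -> 'data', 'subtitle' -> 'sub'
expect(blacklist_strip('Database metadata, see the subtitle') === 'Data data, see the sub',
    'blacklist deletes substrings of ordinary words');

// 2. Trivial bypasses: a different case is not matched at all, and a nested
//    token is reassembled once the single pass deletes its middle.
expect(blacklist_strip('OnClick') === 'OnClick',
    'blacklist is case-sensitive');
expect(blacklist_strip('scrscriptipt') === 'script',
    'single-pass deletion leaves the nested token behind');

// 3. The article's payload, encoded on output: the quote that closed the
//    value attribute is now &quot;, so onclick stays inside the attribute.
$payload = '"a" onclick=alert(1)>';
expect(render_input($payload) ===
    '<input type="text" name="q" value="&quot;a&quot; onclick=alert(1)&gt;">',
    'output encoding keeps the payload inside the attribute value');
```

Two caveats on the article's version that this example sidesteps. safe_filter() relies on htmlentities() with default flags; before PHP 8.1 the default was ENT_COMPAT, which leaves single quotes unencoded, so a value written into a single-quoted attribute could still break out, and passing ENT_QUOTES explicitly removes that dependency on the PHP version. It also stores the value after addslashes(), which is not a substitute for parameterised queries and leaves backslashes in the data that have to be stripped again on every read. Encoding at input time is also wrong for any later use of the same value in a JavaScript string or a URL; each output site needs the encoder for its own context.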

Later I felt this was too crude, so I collected a few more for future reference:

/**
 * Filter HTML tags, quotes and full-width (Chinese) spaces
 */
function fileter_str( $str )
{
    $str = addslashes(trim($str));
    $str = preg_replace("/<(.*?)>/", "", $str);    // remove anything that looks like a tag
    $str = str_replace("_x000D_", "", $str);        // drop the _x000D_ sequence Excel emits for a carriage return
    // The next line is commented out because importing English exam questions would lose every space
    // $str = str_replace(' ', '', $str);
    return $str;
}

Another one:

/**
 * Filter HTML tags, quotes, full-width (Chinese) spaces and line breaks
 */
function fileter_add_str( $str )
{
    $str = str_replace("_x000D_", "", $str);                               // drop the _x000D_ sequence Excel emits for a carriage return
    $str = str_replace(array("\r\n", "\r", "\n", "\t"), "<br />", $str);  // turn line breaks and tabs into <br />
    $str = str_replace("'", "&#39;", $str);                                // encode single quotes as an HTML entity
    // $str = str_replace(' ', '', $str);
    return $str;
}

And these:

// Full-width <-> half-width conversion. $str is the string to convert, $flag selects the direction:
// $flag=0 converts half-width to full-width, $flag=1 converts full-width to half-width.
function SBC_DBC($str, $flag) {
    $DBC = Array( // full-width
        '０', '１', '２', '３', '４',
        '５', '６', '７', '８', '９',
        'Ａ', 'Ｂ', 'Ｃ', 'Ｄ', 'Ｅ',
        'Ｆ', 'Ｇ', 'Ｈ', 'Ｉ', 'Ｊ',
        'Ｋ', 'Ｌ', 'Ｍ', 'Ｎ', 'Ｏ',
        'Ｐ', 'Ｑ', 'Ｒ', 'Ｓ', 'Ｔ',
        'Ｕ', 'Ｖ', 'Ｗ', 'Ｘ', 'Ｙ',
        'Ｚ', 'ａ', 'ｂ', 'ｃ', 'ｄ',
        'ｅ', 'ｆ', 'ｇ', 'ｈ', 'ｉ',
        'ｊ', 'ｋ', 'ｌ', 'ｍ', 'ｎ',
        'ｏ', 'ｐ', 'ｑ', 'ｒ', 'ｓ',
        'ｔ', 'ｕ', 'ｖ', 'ｗ', 'ｘ',
        'ｙ', 'ｚ', '－', '　', '：',
        '．', '，', '／', '％', '＃',
        '！', '＠', '＆', '（', '）',
        '＜', '＞', '＂', '＇', '？',
        '［', '］', '｛', '｝', '＼',
        '｜', '＋', '＝', '＿', '＾',
        '￥', '￣', '｀'
    );

    $SBC = Array( // half-width
        '0', '1', '2', '3', '4',
        '5', '6', '7', '8', '9',
        'A', 'B', 'C', 'D', 'E',
        'F', 'G', 'H', 'I', 'J',
        'K', 'L', 'M', 'N', 'O',
        'P', 'Q', 'R', 'S', 'T',
        'U', 'V', 'W', 'X', 'Y',
        'Z', 'a', 'b', 'c', 'd',
        'e', 'f', 'g', 'h', 'i',
        'j', 'k', 'l', 'm', 'n',
        'o', 'p', 'q', 'r', 's',
        't', 'u', 'v', 'w', 'x',
        'y', 'z', '-', ' ', ':',
        '.', ',', '/', '%', '#',
        '!', '@', '&', '(', ')',
        '<', '>', '"', '\'', '?',
        '[', ']', '{', '}', '\\',
        '|', '+', '=', '_', '^',
        '$', '~', '`'
    );

    if ($flag == 0) {
        return str_replace($SBC, $DBC, $str);  // half-width to full-width
    } else if ($flag == 1) {
        return str_replace($DBC, $SBC, $str);  // full-width to half-width
    } else {
        return false;
    }
}
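An added example (mine, not the article's code) of how the width conversion interacts with the XSS filters above: if SBC_DBC($str, 1), or any similar normalisation such as Unicode NFKC, runs after fileter_str() or safe_filter(), full-width angle brackets that the filters never saw as "<" and ">" become real ones. The helper to_halfwidth() is a by-code-point rewrite of the full-width-to-half-width direction (U+FF01..U+FF5E are U+0021..U+007E shifted by 0xFEE0, and U+3000 is the ideographic space); strip_angle_tags() is the tag-stripping line from fileter_str(). The full-width input string is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not the article's code. Shows why width conversion must run
// BEFORE tag stripping or encoding, never after it. Assumes UTF-8 input.

// Full-width to half-width, computed from the code point instead of a lookup
// table: U+FF01..U+FF5E map onto U+0021..U+007E, U+3000 onto a plain space.
function to_halfwidth(string $s): string
{
    return preg_replace_callback('/[\x{FF01}-\x{FF5E}\x{3000}]/u', function (array $m): string {
        $cp = mb_ord($m[0], 'UTF-8');
        return $cp === 0x3000 ? ' ' : chr($cp - 0xFEE0);
    }, $s);
}

// The tag-stripping step of the article's fileter_str(), unchanged.
function strip_angle_tags(string $s): string
{
    return preg_replace('/<(.*?)>/', '', $s);
}

// Tiny check helper so the script fails loudly instead of printing booleans.
function expect(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed input: a script element typed entirely in full-width characters.
$input = '＜ｓｃｒｉｐｔ＞ａｌｅｒｔ(1)＜/ｓｃｒｉｐｔ＞';

// Full-width brackets are multi-byte sequences with no 0x3C / 0x3E byte, so the
// regex finds nothing and the "tag" passes the filter untouched.
expect(strip_angle_tags($input) === $input,
    'full-width brackets are invisible to the tag-stripping regex');

// Filter first, normalise second: the filtered text turns into a real tag.
expect(to_halfwidth(strip_angle_tags($input)) === '<script>alert(1)</script>',
    'normalising after filtering reintroduces the tag');

// Normalise first, filter second: the filter now sees the real characters.
expect(strip_angle_tags(to_halfwidth($input)) === 'alert(1)',
    'normalising before filtering lets the filter do its job');
```

The same ordering rule holds for every canonicalisation step (width conversion, case folding, entity decoding, URL decoding): apply all of them before the check, and encode once, at output, in the context the value is written into.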

For reference only.



source:csdn.net