28,391
社区成员
发帖
与我相关
我的任务
分享检测到目标URL存在跨站漏洞
URL news.asp?owner=40
请求方式 GET
问题参数 owner
参考(验证) news.asp?owner="'"></form><input autofocus onfocus=iobrjl(6071)>
URL movie.asp?BigClassname=庭审直播
请求方式 GET
问题参数 BigClassname
参考(验证) movie.asp?BigClassname=<svg/ onload=iobrjl(6779)>
URL movie.asp?bigclassname=庭审直播
请求方式 GET
问题参数 bigclassname
参考(验证) movie.asp?bigclassname=<input autofocus onfocus=iobrjl(6905)>
检测到目标URL存在跨站漏洞请问如何解决!
源码如下:
<!--#include file="Inc/syscode.asp" -->
<!--#include file="Inc/eshopcode.asp"-->
<!--#include file="Inc/Config1.asp" -->
<%
const MaxPerPage_1=15 '分页显示留言个数
dim totalput_1,CurrentPage_1,TotalPages_1,i
if not isempty(request("page")) then
CurrentPage_1=cint(request("page"))
else
CurrentPage_1=1
end if
Dim owner
owner=Server.HTMLEnCode(FilterJS(request("owner")))
owner=replace(request.QueryString("owner"),"'","''")
owner=replace(request.QueryString("owner"),"<script>","''")
if owner="" then owner=40
where=""
If Trim(owner)<>"" Then
where=" where owner="&CInt(owner)
newsclassname=conn.execute("select classname from newsclass where id="&CInt(owner))(0)
End if
sql="select * from Conews"&where&" order by id desc"
Set rs_l0= Server.CreateObject("ADODB.Recordset")
rs_l0.open sql,conn,1,1
select case owner
case 40
title="虎法动态"
end Select
select case owner
case 79
title="媒体聚焦"
end Select
%>
<!--#include file="Inc/head-n.asp" -->
<!--内容页开始-->
<div class="contentdiv">
<div class="content">
<div class="contentbg">
<!--content部分开始-->
<div class="acontent imargin">
<div class="left divl">
<div class="top"><img src="images/n-left-top.jpg" alt="<%=Web_KeyWords%>"></div>
<div class="cmeun">
<%
sql_fb1="select * from NewsClass order by id"
set rs_fb1=server.CreateObject("adodb.recordset")
rs_fb1.open sql_fb1,conn,1,1
do while not rs_fb1.eof
%>
<a href="news.asp?owner=<%=rs_fb1("id")%>" title="<%=rs_fb1("ClassName")%>"> <%=rs_fb1("ClassName")%></a>
<%
rs_fb1.movenext
Loop
rs_fb1.close
set rs_fb1=nothing
%>
</div>
<div class="clear"></div>
<div class="bottom"></div>
</div>
<div class="right divl">
<div class="top divl">
<div class="txt"><span class="span1">当前位置:</span><a href="main.asp">网站首页</a> > <a href="news.asp">虎法动态</a> > <span class="span2"><%=title%></span></div>
</div>
<div class="ct divl">
<div class="txt">
<%
if not (rs_l0.bof and rs_l0.eof) then
totalput_1=rs_l0.recordcount
if CurrentPage_1<1 then
CurrentPage_1=1
end if
if (CurrentPage_1-1)*MaxPerPage_1>totalput_1 then
if (totalput_1 mod MaxPerPage_1)=0 then
CurrentPage_1= totalput_1 \ MaxPerPage_1
else
CurrentPage_1= totalput_1 \ MaxPerPage_1 + 1
end if
end if
if CurrentPage_1=1 then
showContent
else
if (CurrentPage_1-1)*MaxPerPage_1<totalput_1 then
rs_l0.move (CurrentPage_1-1)*MaxPerPage_1
dim bookmark
bookmark=rs_l0.bookmark
showContent
else
CurrentPage_1=1
showContent
end if
end if
else
showContent
end if
rs_l0.close
set rs_l0=nothing
sub showContent
%>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<%count=0
do while not rs_l0.eof
showtitle=trim(rs_l0("title"))
if strLength(showtitle)>60 then showtitle=strLeft(showtitle,29)&".."
%>
<tr>
<td width="100%" height="35" align="center"><table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/b13.gif" style="background-repeat:no-repeat; background-position:bottom left;">
<tr>
<td width="31" height="38" align="center">·</td>
<td width="526" align="left"><a href="newsmore.asp?id=<%=rs_l0("id")%>"><%=rs_l0("title")%></a></td>
<td width="120" align="center">[<%=year(rs_l0("time")) & "-" & right("0"&month(rs_l0("time")),2) & "-" & right("0"&day(rs_l0("time")),2)%>]</td>
</tr>
</table></td>
</tr>
<% rs_l0.movenext
count=count+1
if count>=MaxPerPage_1 then exit do
loop
%>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="37" align="center" valign="bottom"><%call showpages(1)%></td>
</tr>
</table>
<%
end sub
sub showpages(p)
dim n
linkstr="?owner="&owner
if (totalput_1 mod MaxPerPage_1)=0 then
n= totalput_1 \ MaxPerPage_1
else
n= totalput_1 \ MaxPerPage_1 + 1
end if
if n=0 then
response.write "<p align='center'>暂时没有记录!</p>"
exit sub
end if
response.write "<TABLE cellSpacing=0 cellPadding=0 align=center border=0>"
response.write "<FORM name=art"&p&" method=post action="&linkstr&">"
response.write "<TBODY>"
response.write "<TR>"
response.write "<TD>共有 <FONT color=red>"&totalput_1&"</FONT> 条匹配记录 "
if CurrentPage_1<2 then
response.write "<FONT color=silver>第一页 上一页 </FONT>"
else
response.write "<a href="&linkstr&"&page=1>第一页</a> "
response.write "<a href="&linkstr&"&page="¤tPage_1-1&">上一页</a> "
end if
if n-CurrentPage_1<1 then
response.write "<FONT color=silver>下一页 最后页 </FONT>"
else
response.write "<a href="&linkstr&"&page="&(CurrentPage_1+1)&">"
response.write "下一页</a> <a href="&linkstr&"&page="&n&">最后页</a> "
end if
response.write "转到第<INPUT style='BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: #666666 1px solid ;background-color:transparent;' size=1 name=page>页<INPUT type=image src='image/goto.gif' align=middle border=0 name=imageField> 第<FONT color=red>"¤tPage_1&"</FONT>页/共<FONT color=red>"&n&"</FONT>页/每页<FONT color=red>"&MaxPerPage_1&"</FONT>条"
response.write "</TD></TR></FORM></TBODY></TABLE>"
end sub
%>
</div>
</div>
<div class="bottom divl"></div>
</div>
</div>
<div class="clear"></div>
<!--content部分结束-->
<!--#include file="Inc/foot.asp" -->
请求方式 GET
问题参数 owner
参考(验证) news.asp?owner="'"></form><input autofocus onfocus=iobrjl(6071)>
URL movie.asp?BigClassname=庭审直播
请求方式 GET
问题参数 BigClassname
参考(验证) movie.asp?BigClassname=<svg/ onload=iobrjl(6779)>
URL movie.asp?bigclassname=庭审直播
请求方式 GET
问题参数 bigclassname
参考(验证) movie.asp?bigclassname=<input autofocus onfocus=iobrjl(6905)>
检测到目标URL存在跨站漏洞请问如何解决!
源码如下:
<!--#include file="Inc/syscode.asp" -->
<!--#include file="Inc/eshopcode.asp"-->
<!--#include file="Inc/Config1.asp" -->
<%
const MaxPerPage_1=15 '分页显示留言个数
dim totalput_1,CurrentPage_1,TotalPages_1,i
if not isempty(request("page")) then
CurrentPage_1=cint(request("page"))
else
CurrentPage_1=1
end if
Dim owner
owner=Server.HTMLEnCode(FilterJS(request("owner")))
owner=replace(request.QueryString("owner"),"'","''")
owner=replace(request.QueryString("owner"),"<script>","''")
if owner="" then owner=40
where=""
If Trim(owner)<>"" Then
where=" where owner="&CInt(owner)
newsclassname=conn.execute("select classname from newsclass where id="&CInt(owner))(0)
End if
sql="select * from Conews"&where&" order by id desc"
Set rs_l0= Server.CreateObject("ADODB.Recordset")
rs_l0.open sql,conn,1,1
select case owner
case 40
title="虎法动态"
end Select
select case owner
case 79
title="媒体聚焦"
end Select
%>
<!--#include file="Inc/head-n.asp" -->
<!--内容页开始-->
<div class="contentdiv">
<div class="content">
<div class="contentbg">
<!--content部分开始-->
<div class="acontent imargin">
<div class="left divl">
<div class="top"><img src="images/n-left-top.jpg" alt="<%=Web_KeyWords%>"></div>
<div class="cmeun">
<%
sql_fb1="select * from NewsClass order by id"
set rs_fb1=server.CreateObject("adodb.recordset")
rs_fb1.open sql_fb1,conn,1,1
do while not rs_fb1.eof
%>
<a href="news.asp?owner=<%=rs_fb1("id")%>" title="<%=rs_fb1("ClassName")%>"> <%=rs_fb1("ClassName")%></a>
<%
rs_fb1.movenext
Loop
rs_fb1.close
set rs_fb1=nothing
%>
</div>
<div class="clear"></div>
<div class="bottom"></div>
</div>
<div class="right divl">
<div class="top divl">
<div class="txt"><span class="span1">当前位置:</span><a href="main.asp">网站首页</a> > <a href="news.asp">虎法动态</a> > <span class="span2"><%=title%></span></div>
</div>
<div class="ct divl">
<div class="txt">
<%
if not (rs_l0.bof and rs_l0.eof) then
totalput_1=rs_l0.recordcount
if CurrentPage_1<1 then
CurrentPage_1=1
end if
if (CurrentPage_1-1)*MaxPerPage_1>totalput_1 then
if (totalput_1 mod MaxPerPage_1)=0 then
CurrentPage_1= totalput_1 \ MaxPerPage_1
else
CurrentPage_1= totalput_1 \ MaxPerPage_1 + 1
end if
end if
if CurrentPage_1=1 then
showContent
else
if (CurrentPage_1-1)*MaxPerPage_1<totalput_1 then
rs_l0.move (CurrentPage_1-1)*MaxPerPage_1
dim bookmark
bookmark=rs_l0.bookmark
showContent
else
CurrentPage_1=1
showContent
end if
end if
else
showContent
end if
rs_l0.close
set rs_l0=nothing
sub showContent
%>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<%count=0
do while not rs_l0.eof
showtitle=trim(rs_l0("title"))
if strLength(showtitle)>60 then showtitle=strLeft(showtitle,29)&".."
%>
<tr>
<td width="100%" height="35" align="center"><table width="100%" border="0" cellpadding="0" cellspacing="0" background="images/b13.gif" style="background-repeat:no-repeat; background-position:bottom left;">
<tr>
<td width="31" height="38" align="center">·</td>
<td width="526" align="left"><a href="newsmore.asp?id=<%=rs_l0("id")%>"><%=rs_l0("title")%></a></td>
<td width="120" align="center">[<%=year(rs_l0("time")) & "-" & right("0"&month(rs_l0("time")),2) & "-" & right("0"&day(rs_l0("time")),2)%>]</td>
</tr>
</table></td>
</tr>
<% rs_l0.movenext
count=count+1
if count>=MaxPerPage_1 then exit do
loop
%>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="37" align="center" valign="bottom"><%call showpages(1)%></td>
</tr>
</table>
<%
end sub
sub showpages(p)
dim n
linkstr="?owner="&owner
if (totalput_1 mod MaxPerPage_1)=0 then
n= totalput_1 \ MaxPerPage_1
else
n= totalput_1 \ MaxPerPage_1 + 1
end if
if n=0 then
response.write "<p align='center'>暂时没有记录!</p>"
exit sub
end if
response.write "<TABLE cellSpacing=0 cellPadding=0 align=center border=0>"
response.write "<FORM name=art"&p&" method=post action="&linkstr&">"
response.write "<TBODY>"
response.write "<TR>"
response.write "<TD>共有 <FONT color=red>"&totalput_1&"</FONT> 条匹配记录 "
if CurrentPage_1<2 then
response.write "<FONT color=silver>第一页 上一页 </FONT>"
else
response.write "<a href="&linkstr&"&page=1>第一页</a> "
response.write "<a href="&linkstr&"&page="¤tPage_1-1&">上一页</a> "
end if
if n-CurrentPage_1<1 then
response.write "<FONT color=silver>下一页 最后页 </FONT>"
else
response.write "<a href="&linkstr&"&page="&(CurrentPage_1+1)&">"
response.write "下一页</a> <a href="&linkstr&"&page="&n&">最后页</a> "
end if
response.write "转到第<INPUT style='BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: #666666 1px solid ;background-color:transparent;' size=1 name=page>页<INPUT type=image src='image/goto.gif' align=middle border=0 name=imageField> 第<FONT color=red>"¤tPage_1&"</FONT>页/共<FONT color=red>"&n&"</FONT>页/每页<FONT color=red>"&MaxPerPage_1&"</FONT>条"
response.write "</TD></TR></FORM></TBODY></TABLE>"
end sub
%>
</div>
</div>
<div class="bottom divl"></div>
</div>
</div>
<div class="clear"></div>
<!--content部分结束-->
<!--#include file="Inc/foot.asp" -->
...全文
请发表友善的回复…
发表回复
什么都不能 2017-07-23
- 打赏
- 举报
首先 二楼写的我觉得可以用。再者不建议将参数直接在界面上引用。如果你是用作数据库查询,那么将查询结果的值作为界面的引用,sql用绑定变量避免注入。
sijiahui 2017-07-20
- 打赏
- 举报
如何过滤URL特殊字符
sijiahui 2017-07-20
- 打赏
- 举报
没有asp大神吗?能给解决下啊
sijiahui 2017-07-19
- 打赏
- 举报
这个其实没多大用处。
sample:
def send_post(url):
try:
print('url:'+url)
headers = {'User-Agent':'BaiduSpider', 'Accept-Encoding':'gzip, deflate'}
r = requests.post(url, {}, headers)
print('========http_status_code:'+ str(r.status_code)+'\n')
content_length = r.headers['Content-length']
print("-------content length:::"+str(content_length))
if int(content_length) > 50000:
return 1;
else:
return 0;
except:
return send_post(url)
[/quote]
具体实例怎么引用尼?麻烦写一下哈
什么都不能 2017-07-02
- 打赏
- 举报
这个其实没多大用处。
sample:
def send_post(url):
try:
print('url:'+url)
headers = {'User-Agent':'BaiduSpider', 'Accept-Encoding':'gzip, deflate'}
r = requests.post(url, {}, headers)
print('========http_status_code:'+ str(r.status_code)+'\n')
content_length = r.headers['Content-length']
print("-------content length:::"+str(content_length))
if int(content_length) > 50000:
return 1;
else:
return 0;
except:
return send_post(url)
xiaoliuvv 2017-06-30
- 打赏
- 举报
在你的参数获取时进行字符串过滤
'------------------过滤非法字符-------------------
Function strleach(str)
dim tempstr
if str="" then strleach="":exit function
tempstr=replace(str,chr(39),"'") ' '
tempstr=replace(tempstr,chr(34),""") ' "
tempstr=replace(tempstr,chr(60),"《") ' <
tempstr=replace(tempstr,chr(62),"》") ' >
tempstr=replace(tempstr,chr(37),"%") ' %
tempstr=replace(tempstr,chr(38),"&") ' &
tempstr=replace(tempstr,chr(40),"(") ' (
tempstr=replace(tempstr,chr(41),")") ' )
tempstr=replace(tempstr,chr(91),"[") ' [
tempstr=replace(tempstr,chr(93),"]") ' ]
tempstr=replace(tempstr,chr(123),"{") ' {
tempstr=replace(tempstr,chr(125),"}") ' }
strleach=tempstr
End Function
后台程序获取参数时调用一下函数就行了
例如你的owner=replace(request.QueryString("owner"),"'","''")
改成 owner=strleach(request.QueryString("owner"))
浪子回头8 2017-06-29
- 打赏
- 举报
ASP防止站外提交数据的一个函数,挺简单的函数,但对整站安全却起到了重要作用,一般情况下,我们是不会允许站外提交数据的,在ASP编程中,应该有此类代码来控制站外提交,比如本函数就可以,代码如下:
<%
Function chkFrom()
Dim server_v1,server_v2, server1, server2
chkFrom=False
server1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server2=Cstr(Request.ServerVariables("SERVER_NAME"))
If Mid(server1,8,len(server2))=server2 Then chkFrom=True
End Function
%>
本函数可有效防止用户从外部提交数据,函数用法参考:
<%
if not chkFrom then
Response.write("请不要从站外提交内容!")
Response.end
End if
%>
