How to Fix XSS (Cross-Site Scripting) Vulnerabilities

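A malicious attacker inserts malicious HTML code into a web page. When a user views that page, the HTML code embedded in it is executed, which achieves the attacker's particular goal.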

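ASP

Vulnerable code example:
<%
' Vulnerable: the "dd" query-string value is written to the page unescaped.
Dim param
param = Request.QueryString("dd")
Response.Write param
%>
Fixed example:
<%
' Fixed: HTML-encode the value before writing it to the page.
Dim param
param = Request.QueryString("dd")
Response.Write Server.HTMLEncode(param)
%>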

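PHP

Vulnerable code example:
<?php
// Vulnerable: the "dd" parameter is echoed into the page unescaped.
$aa = $_GET['dd'];
echo $aa . "123";
?>
Fixed example:
<?php
// Fixed: convert HTML special characters to entities before output.
$aa = $_GET['dd'];
echo htmlspecialchars($aa) . "123";
?>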
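
The PHP fix above escapes for HTML body text; when the same value is placed inside a quoted attribute, the flags passed to htmlspecialchars decide whether single quotes are escaped too. The following is an added example, not code from the original post; the helper name e(), the sample string and the use of PHP 7 or later are assumptions.

```php
<?php
// Added example (not from the original page). e() is a hypothetical helper name.

// Escape a value for HTML body text and for quoted attribute values.
function e($value): string
{
    // ENT_QUOTES escapes both " and '.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning
    // an empty string.
    // The charset is passed explicitly so the result does not depend on
    // the default_charset setting.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input containing every character htmlspecialchars handles.
$sample = '<i>x</i> & "a" \'b\'';

// Read "dd" without a notice when it is absent (falls back to the sample).
$dd = $_GET['dd'] ?? $sample;

// A request such as ?dd[]=1 produces an array; treat that as empty input.
if (!is_string($dd)) {
    $dd = '';
}

// ENT_COMPAT (the default flag set before PHP 8.1) leaves ' unescaped,
// which is not enough inside a single-quoted attribute.
$compat = htmlspecialchars($dd, ENT_COMPAT, 'UTF-8');

// ENT_QUOTES covers body text, double-quoted and single-quoted attributes.
$quotes = e($dd);

echo 'ENT_COMPAT: ', $compat, PHP_EOL;
echo 'ENT_QUOTES: ', $quotes, PHP_EOL;

// Body context and single-quoted attribute context, both using e().
echo '<p>', e($dd), '123</p>', PHP_EOL;
echo "<input type='text' name='dd' value='", e($dd), "'>", PHP_EOL;
```

Entity encoding of this kind covers HTML body text and quoted attribute values only; values written into script blocks, URLs or unquoted attributes need encoding specific to those contexts.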

Please credit the source when reposting: https://www.onexin.net/xss-and-clickjacking-attacks-repair-method/
