bWAPP - HTML Injection

    HTML Injection - Reflected (GET)

    Open the page.

    The vulnerability is HTML tag injection: whatever is typed into the two fields is echoed back into the page.

    This is the core code:

    <div id="main">

        <h1>HTML Injection - Reflected (GET)</h1>

        <p>Enter your first and last name:</p>

        <form action="<?php echo($_SERVER["SCRIPT_NAME"]);?>" method="GET">

            <p><label for="firstname">First name:</label><br />
            <input type="text" id="firstname" name="firstname"></p>         <!-- first name box -->

            <p><label for="lastname">Last name:</label><br />               <!-- last name box -->
            <input type="text" id="lastname" name="lastname"></p>

            <button type="submit" name="form" value="submit">Go</button>    <!-- submit button -->

        </form>

        <br />
        <?php

        if(isset($_GET["firstname"]) && isset($_GET["lastname"]))        // read firstname and lastname from the form via GET; isset() checks that both exist
        {

            $firstname = $_GET["firstname"];                             // receive the parameters
            $lastname = $_GET["lastname"];

            if($firstname == "" or $lastname == "")                      // if either one is empty, show the message below
            {

                echo "<font color=\"red\">Please enter both fields...</font>";

            }

            else
            {

                echo "Welcome " . htmli($firstname) . " " . htmli($lastname);   // both values go through htmli() before being echoed into the page

            }

        }

        ?>

    </div>

    The filtering part:

    function htmli($data)
    {

        switch($_COOKIE["security_level"])      // the level is read from the security_level cookie
        {

            case "0" :

                $data = no_check($data);        // low: no filtering
                break;

            case "1" :

                $data = xss_check_1($data);     // medium
                break;

            case "2" :

                $data = xss_check_3($data);     // high
                break;

            default :

                $data = no_check($data);        // any other cookie value: no filtering
                break;

        }

        return $data;

    }

    The level is chosen with this select on the page and stored in the security_level cookie:

    <label>Set your security level:</label><br />

        <select name="security_level">

            <option value="0">low</option>
            <option value="1">medium</option>
            <option value="2">high</option>

        </select>

    1. Low level

    function no_check($data)
    {

        return $data;      // returned unchanged

    }

    No filtering at all.

    2. Medium

    function xss_check_1($data)
    {

        // Converts only "<" and ">" to HTML entities
        $input = str_replace("<", "&lt;", $data);
        $input = str_replace(">", "&gt;", $input);

        // Failure is an option
        // Bypasses double encoding attacks
        // <script>alert(0)</script>
        // %3Cscript%3Ealert%280%29%3C%2Fscript%3E
        // %253Cscript%253Ealert%25280%2529%253C%252Fscript%253E
        $input = urldecode($input);

        return $input;

    }

    str_replace(): replaces < and > with their HTML entities.

    urldecode() decodes a URL-encoded string; it works by turning the percent-encoded hexadecimal sequences back into the original characters.

    Because the decode runs after the replacement, a < or > that is sent URL-encoded (the %3C / %3E form shown in the comments above) is not touched by str_replace() and is restored by urldecode() afterwards. So URL-encoding the input bypasses this filter.


    3. High

    function xss_check_3($data, $encoding = "UTF-8")
    {

        // htmlspecialchars - converts special characters to HTML entities
        // '&' (ampersand) becomes '&amp;'
        // '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set
        // "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set
        // '<' (less than) becomes '&lt;'
        // '>' (greater than) becomes '&gt;'

        return htmlspecialchars($data, ENT_QUOTES, $encoding);

    }

    The htmlspecialchars() function converts predefined characters to HTML entities, so none of them can open a tag or break out of an attribute.

    The predefined characters are:

    • & (ampersand) becomes &amp;
    • " (double quote) becomes &quot;
    • ' (single quote) becomes &#039;
    • < (less than) becomes &lt;
    • > (greater than) becomes &gt;
    Original article: https://www.cnblogs.com/hongren/p/7148869.html