  • The core of 360 webscan's anti-injection and anti-XSS rules

    // GET interception rule: a single PCRE alternation applied to each query value.
    // Escaping repaired so the PHP string and the pattern compile: \s, \d and the
    // literal "(" before "|\blike" had lost their backslashes, and " must be \" here.
    $getfilter = "\<.+javascript:window\[.{1}\\\\x|<.*=(&#\d+?;?)+?>|<.*(data|src)=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmark\s*?\(\d+?|sleep\s*?\([\d.]+?\)|load_file\s*?\()|<[a-z]+?\b[^>]*?\bon([a-z]{4,})\s*?=|^\+\/v(8|9)|\b(and|or)\b\s*?([\(\)'\"\d]+?=[\(\)'\"\d]+?|[\(\)'\"a-zA-Z]+?=[\(\)'\"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?[\"'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    // POST interception rule: same SQL part, but only a fixed list of event handlers is checked.
    $postfilter = "<.*=(&#\d+?;?)+?>|<.*data=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmark\s*?\(\d+?|sleep\s*?\([\d.]+?\)|load_file\s*?\()|<[^>]*?\b(onerror|onmousemove|onload|onclick|onmouseover)\b|\b(and|or)\b\s*?([\(\)'\"\d]+?=[\(\)'\"\d]+?|[\(\)'\"a-zA-Z]+?=[\(\)'\"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?[\"'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    // Cookie interception rule: SQL-only, no HTML/XSS alternatives.
    $cookiefilter = "benchmark\s*?\(\d+?|sleep\s*?\([\d.]+?\)|load_file\s*?\(|\b(and|or)\b\s*?([\(\)'\"\d]+?=[\(\)'\"\d]+?|[\(\)'\"a-zA-Z]+?=[\(\)'\"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?[\"'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

    Not much more to say.
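Added example, not code from the post or from 360 webscan: the GET rule above, with its escaping repaired, loaded into Python's `re` (close enough to PCRE for these constructs) and run over a constructed query string, so a defender can see which values it stops and which ordinary text it blocks as a false positive. It assumes the rule is applied case-insensitively with `.` spanning newlines, since the post shows the patterns but not the matching call.

```python
import re

# The GET rule from the post, escaping repaired so it compiles: \s, \d and the
# literal "(" before "|\blike" had lost their backslashes.
GET_RULE = r'''\<.+javascript:window\[.{1}\\x|<.*=(&#\d+?;?)+?>|<.*(data|src)=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmark\s*?\(\d+?|sleep\s*?\([\d.]+?\)|load_file\s*?\()|<[a-z]+?\b[^>]*?\bon([a-z]{4,})\s*?=|^\+\/v(8|9)|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)'''

# Assumption: the WAF applies the rule case-insensitively with "." spanning
# newlines (PCRE /is); the post shows the rules but not the preg_match call.
GET_RE = re.compile(GET_RULE, re.I | re.S)


def scan_params(params, rule=GET_RE):
    """Return {name: matched fragment} for every value the rule would block."""
    hits = {}
    for name, value in params.items():
        m = rule.search(value)
        if m:
            hits[name] = m.group(0)
    return hits


# Constructed query string: two values the rule is meant to stop, two benign
# ones, and an ordinary English sentence that the loose SELECT..FROM
# alternative flags anyway (a false positive to budget for before deploying).
SAMPLE_GET = {
    "id": "7",
    "q": "nginx reverse proxy",
    "item": "1' or '1'='1",
    "bio": "<img src=x onerror=alert(1)>",
    "note": "please select one item from the list",
}

if __name__ == "__main__":
    for name, frag in scan_params(SAMPLE_GET).items():
        print(f"blocked {name!r}: matched {frag!r}")
```

Note that `$_GET` values reach the rule already URL-decoded once; the patterns themselves do no decoding, so any normalisation has to happen before the match.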

  • Original article: https://www.cnblogs.com/x3d/p/3902531.html