跨站点请求伪造 跨站点脚本编制 通过框架钓鱼漏洞

1、跨站点请求伪造 跨站点脚本编制 通过框架钓鱼漏洞

主要是通过在 URL 或参数中添加脚本，如：

1、URL中添加<script>alert(1)</script>

2、参数value=<a href="http://demo.com"></a>。

添加一个过滤器对特殊字符进行拦截

  1. package com.xxx.sys.filter;  
  2.   
  3. import java.io.IOException;  
  4. import java.util.Enumeration;  
  5.   
  6. import javax.servlet.Filter;  
  7. import javax.servlet.FilterChain;  
  8. import javax.servlet.FilterConfig;  
  9. import javax.servlet.ServletException;  
  10. import javax.servlet.ServletRequest;  
  11. import javax.servlet.ServletResponse;  
  12. import javax.servlet.http.HttpServletRequest;  
  13. import javax.servlet.http.HttpServletResponse;  
  14.   
  15. import org.apache.log4j.Logger;  
  16.   
  17. /** 
  18.  * 非法字符过滤器 
  19.  * 1.所有非法字符配置在web.xml中,如需添加新字符,请自行配置 
  20.  * 2.请注意请求与相应时的编码格式设置,否则遇到中文时,会出现乱码(GBK与其子集应该没问题) 
  21.  * @author lee 
  22.  * 
  23.  */  
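  /**
   * Servlet filter that rejects a request when its request URI or any inspected
   * parameter value contains one of a configured list of blacklisted substrings.
   *
   * <p>Configuration is read from the filter's init-params in web.xml:
   * <ul>
   *   <li>{@code encoding}: character encoding forced on the request before parameters
   *       are read, and used for the rejection response;</li>
   *   <li>{@code legalNames}: comma-separated parameter names whose values are never
   *       inspected;</li>
   *   <li>{@code illegalChars}: comma-separated substrings whose presence makes a request
   *       illegal. Empty entries (e.g. from a trailing comma) are ignored, since an empty
   *       string is a substring of everything and would reject every request.</li>
   * </ul>
   *
   * <p>Limitations a deployer should be aware of:
   * <ul>
   *   <li>Matching is a literal, case-sensitive substring test. A token such as {@code CR}
   *       matches the letters "CR", not a carriage-return character, and a comma itself cannot
   *       be blacklisted because it is the list separator.</li>
   *   <li>Parameter values are inspected after the container has decoded them; the value of
   *       {@link HttpServletRequest#getRequestURI()} is not URL-decoded, so an encoded form of a
   *       blacklisted character in the path is not matched.</li>
   *   <li>Only the request URI and request parameters are inspected — not headers, cookies or
   *       non-form request bodies. Parameters whose name contains "password" are skipped.</li>
   *   <li>A blacklist is defense in depth; it does not replace contextual output encoding of
   *       data written into HTML responses.</li>
   * </ul>
   *
   * <p>All init-params are required; a missing one fails filter initialisation instead of
   * throwing {@code NullPointerException} on the first request.
   *
   * @author lee
   */
  public class CharFilter implements Filter {
      private static final Logger log = Logger.getLogger(CharFilter.class);
      /** Encoding applied to the request and to the rejection response. */
      private String encoding;
      /** Parameter names whose values are never inspected. */
      private String[] legalNames;
      /** Substrings that mark a URI or parameter value as illegal. */
      private String[] illegalChars;

      /**
       * Reads {@code encoding}, {@code legalNames} and {@code illegalChars} from the filter
       * configuration.
       *
       * @throws ServletException if any of the three init-params is absent
       */
      public void init(FilterConfig filterConfig) throws ServletException {
          encoding = requireInitParam(filterConfig, "encoding");
          legalNames = splitList(requireInitParam(filterConfig, "legalNames"));
          illegalChars = splitList(requireInitParam(filterConfig, "illegalChars"));
      }

      /** Releases the configuration so a stopped filter holds no references. */
      public void destroy() {
          encoding = null;
          legalNames = null;
          illegalChars = null;
      }

      /**
       * Inspects the request parameters and the request URI; on a match writes a rejection
       * response with status 400, otherwise passes the request down the chain.
       *
       * @throws IOException      if writing the rejection response fails
       * @throws ServletException propagated from the rest of the chain
       */
      public void doFilter(ServletRequest request, ServletResponse response,
              FilterChain filterChain) throws IOException, ServletException {
          HttpServletRequest req = (HttpServletRequest) request;
          HttpServletResponse res = (HttpServletResponse) response;

          // The encoding must be set before any parameter is read, otherwise the container
          // decodes the request with its default and non-ASCII values come out garbled.
          req.setCharacterEncoding(encoding);
          String requestUri = req.getRequestURI();
          log.info(requestUri);

          // Parameters are checked first, then the (undecoded) URI; either match rejects.
          boolean illegal = hasIllegalParameter(req) || containsIllegalChar(requestUri);

          if (illegal) {
              reject(res);
          } else {
              filterChain.doFilter(request, response);
          }
      }

      /**
       * Returns {@code true} if any value of a non-exempt parameter contains a blacklisted
       * substring.
       */
      private boolean hasIllegalParameter(HttpServletRequest req) {
          Enumeration<String> names = req.getParameterNames();
          while (names.hasMoreElements()) {
              String name = names.nextElement();
              if (isExempt(name)) {
                  continue;
              }
              String[] values = req.getParameterValues(name);
              if (values == null) {
                  continue;
              }
              for (String value : values) {
                  if (containsIllegalChar(value)) {
                      return true;
                  }
              }
          }
          return false;
      }

      /**
       * A parameter is exempt from inspection when its name contains "password" (any case)
       * or is listed in {@code legalNames}.
       */
      private boolean isExempt(String paramName) {
          if (paramName.toLowerCase().contains("password")) {
              return true;
          }
          for (String legal : legalNames) {
              if (legal.equals(paramName)) {
                  return true;
              }
          }
          return false;
      }

      /**
       * Literal, case-sensitive substring test against {@code illegalChars}; a {@code null}
       * value never matches.
       */
      private boolean containsIllegalChar(String value) {
          if (value == null) {
              return false;
          }
          for (String illegal : illegalChars) {
              if (value.indexOf(illegal) != -1) {
                  return true;
              }
          }
          return false;
      }

      /**
       * Writes the rejection response. The status is 400 so that clients, proxies and access
       * logs see a refused request rather than a success; the body is kept so browsers still
       * show the message and navigate back.
       */
      private void reject(HttpServletResponse res) throws IOException {
          res.setStatus(HttpServletResponse.SC_BAD_REQUEST);
          // The encoding must be set explicitly or the non-ASCII message is garbled.
          res.setContentType("text/html;charset=" + encoding);
          res.setCharacterEncoding(encoding);
          res.getWriter().print("<script>window.alert('当前链接中存在非法字符');window.history.go(-1);</script>");
      }

      /** Fetches a required init-param, failing initialisation with a clear message if absent. */
      private static String requireInitParam(FilterConfig cfg, String name) throws ServletException {
          String value = cfg.getInitParameter(name);
          if (value == null) {
              throw new ServletException("CharFilter: missing required init-param '" + name + "'");
          }
          return value;
      }

      /** Splits a comma-separated list, dropping empty entries (see class Javadoc). */
      private static String[] splitList(String csv) {
          String[] raw = csv.split(",");
          int kept = 0;
          for (String token : raw) {
              if (token.length() != 0) {
                  raw[kept++] = token;
              }
          }
          String[] result = new String[kept];
          System.arraycopy(raw, 0, result, 0, kept);
          return result;
      }
  }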


web.xml code

  1. <filter>  
  2.         <filter-name>charFilter</filter-name>  
  3.         <filter-class>com.xxx.sys.filter.CharFilter</filter-class>  
  4.         <init-param>  
  5.             <param-name>encoding</param-name>  
  6.             <param-value>UTF-8</param-value>  
  7.         </init-param>  
  8.         <init-param>  
  9.             <param-name>legalNames</param-name>  
  10.             <param-value>content1,ver,historyURL,listURL</param-value>  
  11.         </init-param>  
  12.         <init-param>  
  13.             <param-name>illegalChars</param-name>  
  14.             <param-value>|,$,@,',",\',\",<,>,(,),+,CR,LF,\",",\,http</param-value>  
  15.         </init-param>  
  16.     </filter>  