• bWAPP----iFrame Injection


    iFrame Injection

    Straight to the code:

    <div id="main">

        <h1>iFrame Injection</h1>

    <?php

    // Runs when the security level is not low (medium or high):
    // src is fixed to robots.txt; only height and width go through xss().
    if($_COOKIE["security_level"] == "1" || $_COOKIE["security_level"] == "2")
    {

    ?>
        <iframe frameborder="0"
        src="robots.txt"
        height="<?php echo xss($_GET["ParamHeight"])?>"
        width="<?php echo xss($_GET["ParamWidth"])?>">
        </iframe>
    <?php

    }

    else
    {

    // Security level 0: URL, width and height all go through xss().
    ?>
        <iframe frameborder="0"
        src="<?php echo xss($_GET["ParamUrl"])?>"
        height="<?php echo xss($_GET["ParamHeight"])?>"
        width="<?php echo xss($_GET["ParamWidth"])?>">
        </iframe>
    <?php

    }

    ?>

    </div>

    Defense code

    // If any of the three parameters is missing from the request,
    if(!(isset($_GET["ParamUrl"])) || !(isset($_GET["ParamHeight"])) || !(isset($_GET["ParamWidth"])))
    {

        // redirect to this default view
        header("Location: iframei.php?ParamUrl=robots.txt&ParamWidth=250&ParamHeight=250");

        exit;

    }

    // Pick the filter that matches the security_level cookie.
    function xss($data)
    {

        switch($_COOKIE["security_level"])
        {

            case "0" :

                $data = no_check($data);
                break;

            case "1" :

                $data = xss_check_4($data);
                break;

            case "2" :

                $data = xss_check_3($data);
                break;

            default :

                $data = no_check($data);
                break;

        }

        return $data;

    }

    1.low

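    At the low level, xss() calls no_check().

    This function performs no processing at all.

    So at the low level none of the three parameters is filtered. The snippet below is the branch used at the other levels, where src is fixed to robots.txt and only height and width come from the request: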

    <iframe frameborder="0" 
    src="robots.txt"
    height="<?php echo xss($_GET["ParamHeight"])?>"
    width="<?php echo xss($_GET["ParamWidth"])?>">
    </iframe>

    2.medium

    function xss_check_4($data)
    {
      
        // addslashes - returns a string with backslashes before characters that need to be quoted in database queries etc.
        // These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
        // Do NOT use this for XSS or HTML validations!!!
        
        return addslashes($data);
        
    }

    This function has already come up many times in earlier posts.

    3.high

    function xss_check_3($data, $encoding = "UTF-8")
    {

        // htmlspecialchars - converts special characters to HTML entities
        // '&' (ampersand) becomes '&amp;'
        // '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set
        // "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set
        // '<' (less than) becomes '&lt;'
        // '>' (greater than) becomes '&gt;'

        return htmlspecialchars($data, ENT_QUOTES, $encoding);

    }

    This one has also come up many times before.
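
    An added example (not from the original post or from bWAPP) that runs the three filters above over a constructed value containing a double quote, then renders the iframe with integer validation and a src allow-list before encoding. render_iframe(), ALLOWED_SRC, the 1-2000 size range and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not bWAPP code. render_iframe(), ALLOWED_SRC, the size range
// and all sample values are hypothetical.

// The three filters as listed on the page.
function no_check($data)    { return $data; }
function xss_check_4($data) { return addslashes($data); }
function xss_check_3($data) { return htmlspecialchars($data, ENT_QUOTES, "UTF-8"); }

// Constructed input: a double quote that would close the height attribute.
$sample = '250" data-x="1';

foreach (["no_check", "xss_check_4", "xss_check_3"] as $filter) {
    $out = $filter($sample);
    // A raw double quote in the output ends the attribute value early.
    $verdict = (strpos($out, '"') !== false) ? "attribute broken" : "attribute intact";
    printf("%-12s height=\"%s\"  => %s\n", $filter, $out, $verdict);
}

// Hardened rendering: validate by type and allow-list first, encode last.
const ALLOWED_SRC = ["robots.txt"]; // assumption: pages that may be framed

function render_iframe(array $get): string
{
    $dim = ["options" => ["min_range" => 1, "max_range" => 2000]];
    $h = filter_var($get["ParamHeight"] ?? null, FILTER_VALIDATE_INT, $dim);
    $w = filter_var($get["ParamWidth"] ?? null, FILTER_VALIDATE_INT, $dim);
    $src = $get["ParamUrl"] ?? "";

    if ($h === false || $w === false || !in_array($src, ALLOWED_SRC, true)) {
        // Reject rather than repair: fall back to the page's default values.
        $h = $w = 250;
        $src = "robots.txt";
    }
    return sprintf(
        '<iframe frameborder="0" src="%s" height="%d" width="%d"></iframe>',
        htmlspecialchars($src, ENT_QUOTES, "UTF-8"), $h, $w
    );
}

echo render_iframe(["ParamUrl" => "robots.txt", "ParamHeight" => "300", "ParamWidth" => "400"]), "\n";
echo render_iframe(["ParamUrl" => "https://example.invalid/", "ParamHeight" => $sample, "ParamWidth" => "250"]), "\n";
```

    HTML does not treat a backslash as an escape character, which is why the addslashes() output still contains a quote that terminates the attribute.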


  • Original article: https://www.cnblogs.com/hongren/p/7154314.html