Tuesday, September 17, 2013

Academic year 102, first semester, W04 work log

20130917 Handling website vulnerabilities
After the website scan finished,
an ASP page was found to have an XSS vulnerability.

Referring to the sites listed below,
I added an XSS filter function
to temporarily plug the XSS hole.

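Function xss_filter(input)
    Dim newString
    newString = input
    ' Strip SQL comment markers and statement separators
    newString = Replace(newString, "--", "")
    newString = Replace(newString, ";", "")
    ' Turn double quotes into single quotes, then delete every single quote
    newString = Replace(newString, Chr(34), "'")
    newString = Replace(newString, "'", "")
    ' No-op as written: search and replacement strings are identical
    newString = Replace(newString, "=", "=")
    ' Swap parentheses and angle brackets for square brackets
    newString = Replace(newString, "(", "[")
    newString = Replace(newString, ")", "]")
    ' No effect: every single quote was already removed above
    newString = Replace(newString, "'", "''")
    newString = Replace(newString, "<", "[")
    newString = Replace(newString, ">", "]")
    ' Collapse block-comment delimiters
    newString = Replace(newString, "/*", "/")
    newString = Replace(newString, "*/", "/")
    xss_filter = newString
End Function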
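
An added example, not part of the original post: the filter above rewrites the value itself (quotes deleted, parentheses and angle brackets turned into square brackets), whereas encoding at output time leaves the data intact and neutralises markup characters in the HTML context where the value is written. The function names HtmlEncodeText and ParsePositiveInt, and the parameter names in the usage comments, are hypothetical.

```vbscript
Option Explicit

' Added example (hypothetical helper names, not from the original post).
' Encodes a value for an HTML element body or a quoted attribute value.
' Classic ASP's built-in Server.HTMLEncode covers the same ground; this
' version also encodes the single quote and tolerates Null/Empty input.
Function HtmlEncodeText(ByVal value)
    Dim s
    s = "" & value                      ' Null or Empty becomes ""
    s = Replace(s, "&", "&amp;")        ' first, so later entities are not re-encoded
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, Chr(34), "&quot;")
    s = Replace(s, "'", "&#39;")
    HtmlEncodeText = s
End Function

' Allow-list validation for a parameter that must be a positive integer
' (for example a record id). Anything else yields defaultValue.
Function ParsePositiveInt(ByVal value, ByVal defaultValue)
    Dim re, s
    ParsePositiveInt = defaultValue
    s = "" & value
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"         ' at most 9 digits, always fits in a Long
    If re.Test(s) Then ParsePositiveInt = CLng(s)
End Function

' Usage inside an .asp page (parameter names "name" and "id" are assumed):
'   <td><%= HtmlEncodeText(Request.QueryString("name")) %></td>
'   <input type="text" name="name"
'          value="<%= HtmlEncodeText(Request.Form("name")) %>">
'   <% id = ParsePositiveInt(Request.QueryString("id"), 0) %>
'
' Constructed sample: the input   Tom & "Jerry" <admin>
' is written to the page as       Tom &amp; &quot;Jerry&quot; &lt;admin&gt;
' and the browser displays the original text unchanged.
```

These helpers cover HTML body and quoted-attribute contexts only; values written into script blocks, URLs or CSS need the encoding for that context.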


References:

網路攻防戰

Filtering Encoded XSS in Classic ASP
