div class="article-list-left detail-content-wrap content">p>h2>360 webscan中防注入跨站攻击的核心，360webscan/h2>/br>div class="code" style="position:relative; padding:0px; margin:0px;">pre class="code">span>///span>span>get拦截规则/span>span>$getfilter/span> = "\\.+javascript:window\\[.{1}\\\\x|.*=(&#\\d+?;?)+?>|.*(data||\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\\(\d+?|sleep\s*?\\([\d\.]+?\\)|load_file\s*?\\()|[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>||\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\s*script\\b||UNION.+?SELECT(\\(.+\\)|\\s+?.+?)||\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|||\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|||||span>span>///span>span>post拦截规则/span>span>$postfilter/span> = ".*=(&#\\d+?;?)+?>|.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\\(\d+?|sleep\s*?\\([\d\.]+?\\)|load_file\s*?\\()|[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>||\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\s*script\\b||UNION.+?SELECT(\\(.+\\)|\\s+?.+?)||\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|||\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|||||span>span>///span>span>cookie拦截规则/span>span>$cookiefilter/span> = "benchmark\s*?\\(\d+?|sleep\s*?\\([\d\.]+?\\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>||\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\s*script\\b||UNION.+?SELECT(\\(.+\\)|\\s+?.+?)||\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|||\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|||||DATABASE)";/pre>div class="contentsignin">登录后复制/div>/div>p>不多说。/p>/br>div class="header2">span class="icon i-relatedanswer">h3>我用360安全监测网站给出结论是跨站脚本攻击漏洞补救方法是：建议过滤用户输入的元数据/h3>/span>/div>div class="best-replyer">/div>p class="ft p1">你好朋友这说明你的网站有问题，建议你进入网站后台设置一下，如果还有问题，建议你到360论坛里发帖问问那里的工作人员。br/>  /br>div class="header2">span class="icon i-relatedanswer">h3>360webscan是什/h3>/span>/div>div class="best-replyer">/div>p class="ft p1">webscan.360.cn/br />咳咳，至于密码.......不知道是不是字典攻击呢br/>  /br>/p>p align="left">div style="display:none;">span id="url" itemprop="url">http://www.bkjia.com/PHPjc/861534.html/span>span id="indexUrl" itemprop="indexUrl">www.bkjia.com/span>span id="isOriginal" itemprop="isOriginal">true/span>span id="isBasedOnUrl" itemprop="isBasedOnUrl">http://www.bkjia.com/PHPjc/861534.html/span>span id="genre" itemprop="genre">TechArticle/span>span id="description" itemprop="description">360 webscan中防注入跨站攻击的核心，360webscan // get拦截规则 $getfilter = "\\.+javascript:window\\[.{1}\\\\x|.*=(#\\d+?;?)+?|.*(data|/div>/p>/div>div class="art_confoot">/div> /div>