360 core of Cross-Site attack prevention in webscan, 360 webscan
// Get interception rule $ getfilter = "\\<. + javascript: window \\[. {1} \\\\ x | <. * = (& # \ d + ?;?) +?> | <. * (Data | src) = data: text \/html. *> | \ B (alert \ (| confirm \ (| expression \ (| prompt \ (| benchmark \ s *? \ (\ D +? | Sleep \ s *? \ ([\ D \.] +? \) | Load_file \ s *? \ () | <[A-z] +? \ B [^>] *? \ Bon ([a-z] {4,}) \ s *? = | ^ \ + \/V (8 | 9) | \ B (and | or) \ B \ s *? ([\ (\) '\ "\ D] +? = [\ (\) '\ "\ D] +? | [\ (\) '\ "A-zA-Z] +? = [\ (\) '\ "A-zA-Z] +? | >|<| \ S +? [\ W] +? \ S +? \ Bin \ B \ s *? \ (|\\ Blike \ B \ s +? [\ "']) | \/\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT (\ (. + \) | \ s + ?. + ?) | UPDATE (\ (. + \) | \ s + ?. + ?) SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE) (\ (. + \) | \ s + ?. +? \ S ++ ?) FROM (\ (. + \) | \ s + ?. + ?) | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE) "; // post interception rule $ postfilter =" <. * = (& # \ d + ?;?) +?> | <. * Data = data: text \/html. *> | \ B (alert \ (| confirm \ (| expression \ (| prompt \ (| benchmark \ s *? \ (\ D +? | Sleep \ s *? \ ([\ D \.] +? \) | Load_file \ s *? \ () | <[^>] *? \ B (onerror | onmousemove | onload | onclick | onmouseover) \ B | \ B (and | or) \ B \ s *? ([\ (\) '\ "\ D] +? = [\ (\) '\ "\ D] +? | [\ (\) '\ "A-zA-Z] +? = [\ (\) '\ "A-zA-Z] +? | >|<| \ S +? [\ W] +? \ S +? \ Bin \ B \ s *? \ (|\\ Blike \ B \ s +? [\ "']) | \/\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT (\ (. + \) | \ s + ?. + ?) | UPDATE (\ (. + \) | \ s + ?. + ?) SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE) (\ (. + \) | \ s + ?. +? \ S ++ ?) FROM (\ (. + \) | \ s + ?. + ?) | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE) "; // cookie Blocking Rule $ cookiefilter =" benchmark \ s *? \ (\ D +? | Sleep \ s *? \ ([\ D \.] +? \) | Load_file \ s *? \ (|\\ B (and | or) \ B \ s *? ([\ (\) '\ "\ D] +? = [\ (\) '\ "\ D] +? | [\ (\) '\ "A-zA-Z] +? = [\ (\) '\ "A-zA-Z] +? | >|<| \ S +? [\ W] +? \ S +? \ Bin \ B \ s *? \ (|\\ Blike \ B \ s +? [\ "']) | \/\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT (\ (. + \) | \ s + ?. + ?) | UPDATE (\ (. + \) | \ s + ?. + ?) SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE) (\ (. + \) | \ s + ?. +? \ S ++ ?) FROM (\ (. + \) | \ s + ?. + ?) | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE )";
Not much.
I used the 360 security monitoring website to conclude that the solution to cross-site scripting attacks is: We recommend that you filter user input metadata.
Your good friend indicates that your website has a problem. We suggest you go to the website background and set up it. If you have any questions, I suggest you post in the 360 forum to ask the staff there.
What is 360webscan?
Webscan.360.cn/
Ke, as for the password... I don't know if it's a dictionary attack.