PHP vulnerability solution (III)-client script implantation

This article describes how to implant client scripts to PHP websites. The client script embedding attack refers to inserting executable scripts into objects such as forms, images, animations, or hyperlink text. When the user opens these objects, the script implanted by the hacker will be executed, and then the attack starts.

Script Insertion refers to inserting executable scripts into objects such as forms, images, animations, or hyperlink text. When the user opens these objects, the script implanted by the attacker will be executed, and then the attack will begin.

HTML tags that can be embedded as scripts generally include:

1. page script programs such as javascript and vbscript marked by the script tab. You can specify the js program code in the script label, or specify the URL path of the js file in the src attribute.

2,Tag object. These objects are java applets, multimedia files, ActiveX controls, and so on. Generally, the URL path of an object is specified in the data attribute.

3,Tag object. These objects are multimedia files, such as swf files. Generally, the URL path of an object is specified in the src attribute.

4. Tag objects. These objects are java applets. Generally, the URL path of an object is specified in the codebase attribute.

5,

Tag object. Generally, the URL path of the web application to process form data is specified in the action attribute.

Client script implantation attack steps

1. attackers can log on to the website after registering a common user.

2. open the message page and insert the attacked js code.

3. other users log on to the website (including administrators) and view the content of this message.

4. the JavaScript code hidden in the message content is executed and the attack succeeds.

Instance

Database

Create table 'postmessage '(

'Id' int (11) not null auto_increment,

'Subobject' varchar (60) not null default ",

'Name' varchar (40) not null default ",

'Email 'varchar (25) not null default ",

'Question' mediumtext not null,

'Postdate' datetime not null default '2017-00-00 00:00:00 ′,

Primary key ('id ')

) ENGINE = MyISAM default charset = gb2312 COMMENT = 'users' comments' AUTO_INCREMENT = 69;

// Add. php insert a message

// List. php message list

// Show. php displays the message

Submitted message

When you browse this message, the JavaScript script is executed.

Insert script while (1) {windows. open ();} script unlimited dialog box

Insert script location. href = "http://www.sectop.com"; script jump to phishing page

Or use other self-constructed js code for attacks.

Preventive methods

The htmlspecialchars function is generally used to convert special characters into HTML encoding.

Function prototype

String htmlspecialchars (string, int quote_style, string charset)

String is the string to be encoded.

Quote_style is optional. The value can be ENT_COMPAT, ENT_QUOTES, and ENT_NOQUOTES. the default value is ENT_COMPAT, indicating that only double quotation marks are converted without single quotation marks. ENT_QUOTES, which indicates that both double quotation marks and single quotation marks must be converted. ENT_NOQUOTES, indicating that double quotation marks and single quotation marks are not converted

Charset (optional) indicates the character set used.

The function converts the following special characters into html encoding:

& --> &

"-->"

'-->'

<--> <

> -->

Change line 98th of show. php

Then, view the vulnerability page for inserting JavaScript.