Search for the CRLF Injection Vulnerability (HTTP response splitting vulnerability) through regular expressions _ PHP Tutorial

The regular expression is used to search for the CRLF Injection Vulnerability (HTTP response splitting vulnerability ). After detecting a site vulnerability with, I published an article on how to fix the vulnerability. However, many children's shoes have some problems. many children's shoes are stuck in the variable name step. after is used to detect site vulnerabilities, an article is published to address these vulnerabilities. However, many children's shoes have some problems. many children's shoes are stuck in the variable name step and do not know how to find and add code. indeed, because the variable names of every program cannot be the same, and how can we ensure the versatility of the code? today we will teach you how to use regular expressions to find and add code.

\ $. + =\$ _ GET \ ['. +' \];
\ $. + =\$ _ GET \ ['. +' \];

The above are the two regular expressions to be used this time. note:The two lines of code are independent and cannot be put together in one breath. it is good to use a regular expression every time.

Let's talk about it here. if shoes use the comments-link-redirect plug-in compiled by zhiyubird, you must read this article, this plug-in has the CRLF Injection attack vulnerability (HTTP response splitting vulnerability). I have already reported it to zhiwu.com, and he said there will be updates. Let's start with this plug-in to see how to solve site vulnerabilities.

First, use the code editor program that supports regular expressions such as Dreamweaver to open all PHP files that may have vulnerabilities.

Open the search dialog box (press Ctrl + F on the keyboard), and then select the "use regular expression" option.

Search by using the two regular expressions provided above in sequence. Note that I refer to the order in which not two rows are used together. If a matching value is found, the matching code is highlighted in the code browsing window.

The following code is found in the regular expression.

$ Redirect = $ _ GET ['R'];

The following is a popularity. the redirect in the above code is the variable name, which may be abcd or heheh. Then we insert the following code in the next line of the above line of code.

$ Redirect = trim (str_replace ("\ r", "", str_replace ("\ r \ n", "", strip_tags (str_replace ("'","", str_replace ("\ n", "", str_replace ("", "", str_replace ("\ t", "", trim ($ redirect ))))), ""))));

The above code contains two variable names, which are the English words starting with $. if you need to use them according to your own requirements, you must replace the two variable names. Copy the above code to the bottom of the code with the vulnerability, just like below.

$ Redirect = $ _ GET ['R'];
$ Redirect = trim (str_replace ("\ r", "", str_replace ("\ r \ n", "", strip_tags (str_replace ("'","", str_replace ("\ n", "", str_replace ("", "", str_replace ("\ t", "", trim ($ redirect ))))), ""))));

In this way, all problems will be solved.

Source: http://www.yiduqiang.com/regex-find-crlf.html

After detection of site vulnerabilities in vivo, Alibaba Cloud released an article to address the vulnerabilities. However, many children's shoes have some problems. many children's shoes are stuck in the variable name step...