XSS Security


Post by CrazYEscap3, Fri Mar 20, 2009 6:30 am

Since most of you won't know how to put it in your Index, I'll show you.

The script itself is this:

PHP Code:

<?php
// Lower-cased copy of the raw (still URL-encoded) query string.
$queryString = strtolower($_SERVER['QUERY_STRING']);

// Flag the request if the query string contains any of these characters.
if (strstr($queryString, "<") OR strstr($queryString, ">") OR
    strstr($queryString, "(") OR strstr($queryString, ")") OR
    strstr($queryString, "..") OR
    strstr($queryString, "%") OR
    strstr($queryString, "*") OR
    strstr($queryString, "+") OR
    strstr($queryString, "!") OR
    strstr($queryString, "@")) {
    $loc  = $_SERVER['PHP_SELF'];
    $ip   = $_SERVER['REMOTE_ADDR'];
    $date = date("d-m-Y @ H:i:s"); // H = 24-hour clock, so log times are unambiguous
    $lfh  = "log.txt";

    // Append one line per flagged request to log.txt.
    $log = fopen($lfh, "a+");
    fputs($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?$queryString\n");
    fclose($log);

    echo "Вашата атака беше записане!";
}
?>

It goes after the <? at the start of your Index and before the ?>.

In principle, the Index on every muweb should look like this:

PHP Code:

<?
session_start();
header("Cache-control: private");
ob_start();

$timeStart = gettimeofday();
$timeStart_uS = $timeStart["usec"];
$timeStart_S = $timeStart["sec"];

require("config.php");
include("includes/web_modules.php");
include("includes/clean_var.php");
include("includes/login.class.php");
include("includes/scripts/index.inc");
include("config.php");

//security
include "includes/Security.php";
$s = new Security;
$s->sanitize_input();

login();
logincheck();
check_user();
?>

And once we add the script, it becomes:

PHP Code:

<?
session_start();
header("Cache-control: private");
ob_start();

$timeStart = gettimeofday();
$timeStart_uS = $timeStart["usec"];
$timeStart_S = $timeStart["sec"];

require("config.php");
include("includes/web_modules.php");
include("includes/clean_var.php");
include("includes/login.class.php");
include("includes/scripts/index.inc");
include("config.php");

login();
logincheck();
check_user();

// Lower-cased copy of the raw (still URL-encoded) query string.
$queryString = strtolower($_SERVER['QUERY_STRING']);

// Flag the request if the query string contains any of these characters.
if (strstr($queryString, "<") OR strstr($queryString, ">") OR
    strstr($queryString, "(") OR strstr($queryString, ")") OR
    strstr($queryString, "..") OR
    strstr($queryString, "%") OR
    strstr($queryString, "*") OR
    strstr($queryString, "+") OR
    strstr($queryString, "!") OR
    strstr($queryString, "@")) {
    $loc  = $_SERVER['PHP_SELF'];
    $ip   = $_SERVER['REMOTE_ADDR'];
    $date = date("d-m-Y @ H:i:s"); // H = 24-hour clock, so log times are unambiguous
    $lfh  = "log.txt";

    // Append one line per flagged request to log.txt.
    $log = fopen($lfh, "a+");
    fputs($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?$queryString\n");
    fclose($log);

    echo "Вашата атака беше записане!";
}
?>

This protection has been tested only on MUWEB!
After you save the Index, it will create a file log.txt in your site's folder, and all attempted attacks against you will be written there!

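An added example, not part of CrazYEscap3's post: the same query-string check written as functions, with the request stopped after logging, the logged value encoded so it cannot carry line breaks or markup into the log, and the log kept outside the web root. The function names, the log path and the `name` parameter are assumptions; the character list is the one from the post.

```php
<?php
// Added example (not the original poster's code). Function names, the log
// path and the 'name' parameter are hypothetical; the list is from the post.
const SUSPICIOUS = ['<', '>', '(', ')', '..', '%', '*', '+', '!', '@'];

// Return the first listed token found in the raw query string, or null.
function find_suspicious(string $queryString): ?string
{
    foreach (SUSPICIOUS as $token) {
        if (strpos($queryString, $token) !== false) {
            return $token;
        }
    }
    return null;
}

// Build one log line. Control characters are replaced and values are
// JSON-encoded, so a request cannot forge extra lines or inject markup.
function build_log_line(string $ip, string $path, string $queryString): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $queryString);
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
    return sprintf(
        "%s | ip=%s | path=%s | query=%s\n",
        gmdate('Y-m-d\TH:i:s\Z'),
        $ip, json_encode($path, $flags), json_encode(substr($clean, 0, 512), $flags)
    );
}

// Log the flagged request, answer 400 and stop before the page runs.
function guard_request(array $server, string $logFile): void
{
    $qs = $server['QUERY_STRING'] ?? '';
    if (find_suspicious($qs) === null) {
        return;
    }
    $line = build_log_line($server['REMOTE_ADDR'] ?? '-', $server['SCRIPT_NAME'] ?? '-', $qs);
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX); // LOCK_EX: no interleaved lines
    http_response_code(400);
    exit('Bad request');
}

// Log directory one level above the document root (assumed layout; it must
// exist and be writable by PHP), so the file is not served as /log.txt.
guard_request($_SERVER, dirname(__DIR__) . '/logs/xss_attempts.log');

// The part that prevents XSS: encode request data wherever it is printed.
echo htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8');
```

Like the posted script, this inspects only the query string, so form fields and cookies pass unchecked; the output encoding on the last line is what protects the page regardless of where the data came from.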

Re: XSS Security

Post by suh1q, Thu Apr 02, 2009 8:59 am

CrazYEscap3 wrote: Since most of you won't know how to put it in your Index, I'll show you.


That's nice, but a topic like this already exists.