[英]JavaScript website vulnerability
this morning I noticed a possible vulnerability on my web site; 今天早上,我注意到我的网站上可能存在漏洞; I'm not sure at all if my site can be damaged with it but well...
我完全不确定我的网站是否可以用它破坏,但是很好...
On my site I use a JavaScript code to open(display) different sections (other pages) inside the main page; 在我的网站上,我使用JavaScript代码打开(显示)主页中的不同部分(其他页面)。
On the main index.php I've this code where the other pages are displayed: 在主要的index.php上,我具有以下显示其他页面的代码:
In the head: 在头上:
<?php
$section = "default";
if (isset($_GET["page"]))
{
$section = $_GET["page"];
}
?>
In the Body: 在身体里:
<script type="text/javascript">
openPage('<?php echo($page); ?>');
</script>
And the JavaScript function is this one: JavaScript函数就是这个:
function openPage(page, form)
{
var data = "page=" + page;
if (form != null)
data += "&" + $("#" + form).serialize();
$("#content").html("<center>Wait..</center>");
$.ajax({
type: "POST",
url: "content.php",
data: data,
success: function(result) {
$("#content").html(result);
}
})
}
The content.php content.php
<?
if (file_exists("pages/".$page.".php"))
include("pages/".$page.".php");
else
{
include("pages/default.php");
}
?>
My problem is that if I write in the url: 我的问题是,如果我在url中写:
url.com/index.php?page=</script><script>alert(1)</script>
An alert message appear, what I could do? 出现警告消息,我该怎么办? Is this dangerous?
这很危险吗? How I can fix it?
我该如何解决?
Thank you all. 谢谢你们。
This is not JS vulnerability, this is your code vulnerability. 这不是JS漏洞,这是您的代码漏洞。
You can use htmlspecialchars: 您可以使用htmlspecialchars:
<?php
$section = "default";
if (isset($_GET["page"]))
{
$section = htmlspecialchars($_GET["page"]);
}
?>
http://www.w3schools.com/php/func_string_htmlspecialchars.asp http://www.w3schools.com/php/func_string_htmlspecialchars.asp
Yes, this is dangerous as people with malicious intent can now form URLs executing client side code on your domain. 是的,这很危险,因为有恶意的人现在可以在您的域上形成执行客户端代码的URL。 This can range from showing a simple alert box to hijacking cookies.
范围从显示简单的警报框到劫持cookie。 This is called cross-site scripting .
这称为跨站点脚本 。
Ignoring whether your current setup is a good one, you can fix your vulnerability by sanitizing the $_GET['page']
variable before outputting it: 忽略当前设置是否是一个好的设置,可以通过在输出
$_GET['page']
变量之前对其进行清理来修复漏洞:
htmlspecialchars($_GET['page']);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.