Cross-Site-Scripting(XSS) Solution

Posted on 2021-04-28 Edited on 2024-07-03 In Information Security Views: Disqus: Symbols count in article: 2.1k Reading time ≈ 4 mins.

Intro Cross-Site-Scripting(XSS) Solution

這篇介紹Cross-Site-Scripting(XSS)，它是一個資訊安全滲透測試的issue。

Case Study

1
2
3

XSS是指hacker利用網頁程式的漏洞，將攻擊語法寫入資料庫或注入網頁參數，
使瀏覽器載入該網頁時會一併含有攻擊語法的值帶入回應，導致下載惡意程式
或傳輸使用者機密資訊等資安風險。

攻擊手法

1.竊取cookie
2.植入Flash
3.用iframe、frame、XMLHttpRequest等方式，以用戶的身分執行管理動作
4.DDos

Solution

每個參數檢查非法字元:

private static final Pattern[] xssPatterns = new Pattern[] {
	// Script fragments
	Pattern.compile("&lt;script&gt;(.*?)&lt;/script&gt;", Pattern.CASE_INSENSITIVE),
	Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
	// src='...'
	Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
	Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
	// lonely script tags
	Pattern.compile("&lt;/script&gt;", Pattern.CASE_INSENSITIVE),
	Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
	Pattern.compile("&lt;script(.*?)&gt;", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
	Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
	// eval(...)
	Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
	// expression(...)
	Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
	// javascript:...
	Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
	// vbscript:...
	Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
	// onload(...)=...
	Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL)
};


public static String stripXSS(String value) {
	if (value != null) {

		value = value.replaceAll("\0", "");

		for (Pattern scriptPattern : xssPatterns) {
			value = scriptPattern.matcher(value).replaceAll("");
		}
	}
	return value;
}