Attempted exploit?

后端 未结 4 1299
春和景丽
春和景丽 2021-02-14 04:53

I saw that my nopCommerce site had a logged search for:

ADw-script AD4-alert(202) ADw-/script AD4-

I\'m a bit curious though what they were try

相关标签:
4条回答
  • 2021-02-14 05:15

    Presumably seeing the alert(202) execute would allow the attacker to decide whether it was feasible to inject JS onto your page. In other words, yes, you were probably being probed.

    0 讨论(0)
  • 2021-02-14 05:25

    Yup , they were just checking if your site is vulnerable for XSS.

    Read http://www.cgisecurity.com/xss-faq.html

    and Rsnakes XSS cheat-sheet

    http://ha.ckers.org/xss.html

    for more info

    0 讨论(0)
  • 2021-02-14 05:26

    Someone is checking if you have a UTF-7 injection vulnerability to exploit it later. UTF-7 uses only characters that are usually not considered harmful. Do you always use meta charset in your HTML?

    Always use meta charset as high as possible in your HTML, like this:

    <!doctype html>  
    <html lang="en-us">
    <head>
      <meta charset="utf-8">
      ...
    

    and you won't have to worry about UTF-7 based XSS attacks.

    0 讨论(0)
  • 2021-02-14 05:33

    If you want to be safe from these types of Injections, you must specify a Content-Type.

    Try to put the Content-Type in headers instead of meta tags if possible. If you want to do it in php, you can do

    <?php
        header('Content-Type: text/html;charset=utf-8');
    

    at the top of your php application. If for some reasons you can't do it, you can put it in your meta tags:

    <!DOCTYPE HTML>
    <html>
        <head>
            <meta charset="utf-8">
            ....Rest of your page
    
    0 讨论(0)
提交回复
热议问题