Attempted exploit?

巧了我就是萌 提交于 2019-12-04 17:49:38

问题


I saw that my nopCommerce site had a logged search for:

ADw-script AD4-alert(202) ADw-/script AD4-

I'm a bit curious though what they were trying to accomplish. I searched a bit for it and appearently the ADw-script AD4- encodes in UTF7 to <script>. But why the alert(202)?

Were they just checking for vulnerabilities?

More hacking attemps was logged and I made a new question about them here: Hacking attempt, what were they trying to do and how can I check if they succeeded?


回答1:


Someone is checking if you have a UTF-7 injection vulnerability to exploit it later. UTF-7 uses only characters that are usually not considered harmful. Do you always use meta charset in your HTML?

Always use meta charset as high as possible in your HTML, like this:

<!doctype html>  
<html lang="en-us">
<head>
  <meta charset="utf-8">
  ...

and you won't have to worry about UTF-7 based XSS attacks.




回答2:


Yup , they were just checking if your site is vulnerable for XSS.

Read http://www.cgisecurity.com/xss-faq.html

and Rsnakes XSS cheat-sheet

http://ha.ckers.org/xss.html

for more info




回答3:


Presumably seeing the alert(202) execute would allow the attacker to decide whether it was feasible to inject JS onto your page. In other words, yes, you were probably being probed.




回答4:


If you want to be safe from these types of Injections, you must specify a Content-Type.

Try to put the Content-Type in headers instead of meta tags if possible. If you want to do it in php, you can do

<?php
    header('Content-Type: text/html;charset=utf-8');

at the top of your php application. If for some reasons you can't do it, you can put it in your meta tags:

<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        ....Rest of your page


来源:https://stackoverflow.com/questions/5153421/attempted-exploit

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!