Web漏洞处理--http host头攻击漏洞处理方案/检测到目标URL存在宽字节跨站漏洞/ 检测到目标URL存在SQL注入漏洞
2018-02-09 17:32
926 查看
1.配置web 拦截器 <filter>
<filter-name>XssSqlFilter</filter-name>
<filter-class>com.modules.sys.security.SessionFilter</filter-class> //拦截器的位置
</filter>
<filter-mapping>
<filter-name>XssSqlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>2.拦截器代码package com.todaytech.yth.gdsd.base.Filter;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
public class SessionFilter implements Filter {
private static Logger log = Logger.getLogger(SessionFilter.class);
public void destroy() { }
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String requestStr = getRequestString(request);
System.out.println("requestStr: ======================== " + requestStr);
System.out.println("完整的地址是====" + request.getRequestURL().toString());
System.out.println("提交的方式是========" + request.getMethod());
log.info("requestStr: ======================== " + requestStr);
log.info("完整的地址是====" + request.getRequestURL().toString());
log.info("提交的方式是========" + request.getMethod());
if ("bingo".equals(guolv2(requestStr))
|| "bingo".equals(guolv2(request.getRequestURL().toString()))) {
System.out.println("======访问地址发现非法字符,已拦截======");
log.info("======访问地址发现非法字符,已拦截======其非法地址为:"+guolv2(request.getRequestURL().toString()));
response.sendRedirect(request.getContextPath() + "/login.jsp");
return;
}
// 主机ip和端口 或 域名和端口
String myhosts = request.getHeader("host");
if (!StringUtils.equals(myhosts, "xx.xx.xxx.xxx:xxxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx:xxxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx:xxxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx")) {
System.out.println("======访问host非法,已拦截======其非法host为:"+myhosts);
log.info("======访问host非法,已拦截======其非法host为:"+myhosts);
response.sendRedirect(request.getContextPath() + "/login.jsp"); //或者response.setStatus(403);
return;
}
String currentURL = request.getRequestURI();
// add by wangsk 过滤请求特殊字符,扫描跨站式漏洞
Map parameters = request.getParameterMap();
if (parameters != null && parameters.size() > 0) {
for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
String key = (String) iter.next();
String[] values = (String[]) parameters.get(key);
for (int i = 0; i < values.length; i++) {
values[i] = guolv(values[i]);
System.out.println(values[i]);
}
}
}
filterChain.doFilter(servletRequest, servletResponse);return;
}
public void init(FilterConfig filterConfig) throws ServletException {
}
public static String guolv(String a) {
a = a.replaceAll("%22", "");
a = a.replaceAll("%27", "");
a = a.replaceAll("%3E", "");
a = a.replaceAll("%3e", "");
a = a.replaceAll("%3C", "");
a = a.replaceAll("%3c", "");
a = a.replaceAll("<", "");
a = a.replaceAll(">", "");
a = a.replaceAll("\"", "");
a = a.replaceAll("'", "");
a = a.replaceAll("\\+", "");
a = a.replaceAll("\\(", "");
a = a.replaceAll("\\)", "");
a = a.replaceAll(" and ", "");
a = a.replaceAll(" or ", "");
a = a.replaceAll(" 1=1 ", "");
return a;
}
private String getRequestString(HttpServletRequest req) {
String requestPath = req.getServletPath().toString();
String queryString = req.getQueryString();
if (queryString != null)
return requestPath + "?" + queryString;
else
return requestPath;
}
public String guolv2(String a) {
if (StringUtils.isNotEmpty(a)) {
if (a.contains("%22") || a.contains("%3E") || a.contains("%3e")
|| a.contains("%3C") || a.contains("%3c")
|| a.contains("<") || a.contains(">") || a.contains("\"")
|| a.contains("'") || a.contains("+") || /*
* a.contains("%27")
* ||
*/
a.contains(" and ") || a.contains(" or ")
|| a.contains("1=1") || a.contains("(") || a.contains(")")) {
return "bingo";
}
}
return a;
}
}
<filter-name>XssSqlFilter</filter-name>
<filter-class>com.modules.sys.security.SessionFilter</filter-class> //拦截器的位置
</filter>
<filter-mapping>
<filter-name>XssSqlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>2.拦截器代码package com.todaytech.yth.gdsd.base.Filter;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
public class SessionFilter implements Filter {
private static Logger log = Logger.getLogger(SessionFilter.class);
public void destroy() { }
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String requestStr = getRequestString(request);
System.out.println("requestStr: ======================== " + requestStr);
System.out.println("完整的地址是====" + request.getRequestURL().toString());
System.out.println("提交的方式是========" + request.getMethod());
log.info("requestStr: ======================== " + requestStr);
log.info("完整的地址是====" + request.getRequestURL().toString());
log.info("提交的方式是========" + request.getMethod());
if ("bingo".equals(guolv2(requestStr))
|| "bingo".equals(guolv2(request.getRequestURL().toString()))) {
System.out.println("======访问地址发现非法字符,已拦截======");
log.info("======访问地址发现非法字符,已拦截======其非法地址为:"+guolv2(request.getRequestURL().toString()));
response.sendRedirect(request.getContextPath() + "/login.jsp");
return;
}
// 主机ip和端口 或 域名和端口
String myhosts = request.getHeader("host");
if (!StringUtils.equals(myhosts, "xx.xx.xxx.xxx:xxxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx:xxxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx:xxxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx")
&& !StringUtils.equals(myhosts, "xx.xx.xxx.xxx")) {
System.out.println("======访问host非法,已拦截======其非法host为:"+myhosts);
log.info("======访问host非法,已拦截======其非法host为:"+myhosts);
response.sendRedirect(request.getContextPath() + "/login.jsp"); //或者response.setStatus(403);
return;
}
String currentURL = request.getRequestURI();
// add by wangsk 过滤请求特殊字符,扫描跨站式漏洞
Map parameters = request.getParameterMap();
if (parameters != null && parameters.size() > 0) {
for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
String key = (String) iter.next();
String[] values = (String[]) parameters.get(key);
for (int i = 0; i < values.length; i++) {
values[i] = guolv(values[i]);
System.out.println(values[i]);
}
}
}
filterChain.doFilter(servletRequest, servletResponse);return;
}
public void init(FilterConfig filterConfig) throws ServletException {
}
public static String guolv(String a) {
a = a.replaceAll("%22", "");
a = a.replaceAll("%27", "");
a = a.replaceAll("%3E", "");
a = a.replaceAll("%3e", "");
a = a.replaceAll("%3C", "");
a = a.replaceAll("%3c", "");
a = a.replaceAll("<", "");
a = a.replaceAll(">", "");
a = a.replaceAll("\"", "");
a = a.replaceAll("'", "");
a = a.replaceAll("\\+", "");
a = a.replaceAll("\\(", "");
a = a.replaceAll("\\)", "");
a = a.replaceAll(" and ", "");
a = a.replaceAll(" or ", "");
a = a.replaceAll(" 1=1 ", "");
return a;
}
private String getRequestString(HttpServletRequest req) {
String requestPath = req.getServletPath().toString();
String queryString = req.getQueryString();
if (queryString != null)
return requestPath + "?" + queryString;
else
return requestPath;
}
public String guolv2(String a) {
if (StringUtils.isNotEmpty(a)) {
if (a.contains("%22") || a.contains("%3E") || a.contains("%3e")
|| a.contains("%3C") || a.contains("%3c")
|| a.contains("<") || a.contains(">") || a.contains("\"")
|| a.contains("'") || a.contains("+") || /*
* a.contains("%27")
* ||
*/
a.contains(" and ") || a.contains(" or ")
|| a.contains("1=1") || a.contains("(") || a.contains(")")) {
return "bingo";
}
}
return a;
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 目标URL存在跨站漏洞和目标URL存在http host头攻击漏洞处理方案
- 目标URL存在跨站漏洞和目标URL存在http host头攻击漏洞处理方案
- 检测到目标URL存在http host头攻击漏洞
- 检测到目标URL存在http host头攻击漏洞
- Java Web项目漏洞:检测到目标URL存在http host头攻击漏洞解决办法
- Java Web项目漏洞: 检测到目标URL存在http host头攻击漏洞解决办法
- 目标URL存在http host头攻击漏洞tomcat修复方法
- URL存在http host头攻击漏洞-修复方案
- 检测到目标URL存在SQL注入漏洞
- java 漏洞处理--http host头攻击漏洞处理方案
- XXx外网检测到目标URL存在基于DOM的跨站脚本漏洞
- 请求验证过程检测到有潜在危险的客户端输入值,对请求的处理已经中止。该值可能指示存在危及应用程序安全的尝试,如跨站点脚本攻击。若要允许页面重写应用程序请求验证设置
- 【安全牛学习笔记】手动漏洞挖掘-SQL注入XSS-简介、跨站脚本检测和常见的攻击利用手段
- 网站漏洞处理(SQL注入、XSS脚本攻击、防外站提交)以及扩展思路
- .NET 关于从客户端(...)中检测到有潜在危险的Request.Form 值的处理办法 找不到方法:System.Web.UnvalidatedRequestValues报错的处理方案(待完善)
- 网站跨站点脚本,Sql注入等攻击的处理
- web攻防之跨站脚本攻击漏洞
- 网站跨站点脚本,Sql注入等攻击的处理
- 错误:为 Web 项目“XXX”配置的 URL“http://localhost/”的网站同时存在于本地 IIS Web 服务器和 IIS Express Web 服务器上。您需要使用 IIS 管理器在 IIS 中更改此网站的绑定。
- WAF——针对Web应用发起的攻击,包括但不限于以下攻击类型:SQL注入、XSS跨站、Webshell上传、命令注入、非法HTTP协议请求、非授权文件访问等