High: SQL blind injection
Filter and replace special characters in the parameters submitted from the front end.
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Filter and replace sensitive characters in parameters submitted from the front end.
 */
public static String filterHtml(String input) {
    if (input == null) { return null; }
    if (input.length() == 0) { return input; }
    String regEx_script = "<script[^>]*?>[\\s\\S]*?<\\/script>"; // regex for <script> blocks
    Pattern p_script = Pattern.compile(regEx_script, Pattern.CASE_INSENSITIVE);
    Matcher m_script = p_script.matcher(input);
    input = m_script.replaceAll(""); // strip script tags
    String regEx_html = "<[^>]+>"; // regex for HTML tags
    Pattern p_html = Pattern.compile(regEx_html, Pattern.CASE_INSENSITIVE);
    Matcher m_html = p_html.matcher(input);
    input = m_html.replaceAll(""); // strip HTML tags
    String regEx_space = "\\s+"; // spaces, tabs, carriage returns and line feeds
    Pattern p_space = Pattern.compile(regEx_space, Pattern.CASE_INSENSITIVE);
    Matcher m_space = p_space.matcher(input);
    input = m_space.replaceAll(""); // strip whitespace and line breaks
    // Deny-list of SQL keywords and metacharacters. Note: matching is case-sensitive and
    // also removes these substrings from legitimate text (e.g. "brand" loses "and"),
    // so this is only a defence-in-depth layer; the query itself must be parameterised.
    String sql_filter = "and|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare|or|having|order"
        // URL-encoded: space ! " # $ % & ' ( ) @
        + "|%20|%21|%22|%23|%24|%25|%26|%27|%28|%29|%40"
        // URL-encoded: * + , / : ; < = > ? [ \ ] |
        + "|%2A|%2B|%2C|%2F|%3A|%3B|%3C|%3D|%3E|%3F|%5B|%5C|%5D|%7C"
        // literal metacharacters (regex-escaped where needed)
        + "|=|\\+|-|&|<|>|'|\\$|%|@|\\(|\\)|\\\\|#|\\*|;|\\."
        + "|!|\"|&|,|/|:|\\?|\\[|\\]|\\|";
    input = input.replaceAll(sql_filter, "");
    return input;
}
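Blind SQL injection differs from ordinary injection only in how the result leaks (a true/false page difference or a response delay), so the fix is the same: stop user input from ever becoming part of the statement text. The filter above strips characters out of the value; the primary control is a parameterised query, optionally preceded by an allow-list check that rejects unexpected input instead of silently mangling it. The following is an added example and not code from the original page; the table `users` with columns `username` and `status` is an assumption made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

/**
 * Added example, not from the original page. Table "users" with columns
 * "username" and "status" is an assumption made for illustration.
 */
public class UserDao {

    // Allow-list for the parameter: reject anything outside the expected shape
    // rather than trying to strip dangerous substrings out of it.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_.-]{1,64}");

    // VULNERABLE (shown only for contrast): the value is spliced into the
    // statement text, so a quote character in the input ends the string
    // literal and whatever follows is parsed as SQL.
    public static String unsafeQueryText(String username) {
        return "SELECT status FROM users WHERE username = '" + username + "'";
    }

    // SAFE: the statement text is fixed before the value is supplied; the
    // driver sends the value as data, so no character in it can change the
    // query structure. The page's character filter is at most a second layer
    // in front of this.
    public static String findStatus(Connection conn, String username) throws SQLException {
        if (username == null || !USERNAME.matcher(username).matches()) {
            throw new IllegalArgumentException("username has unexpected characters");
        }
        String sql = "SELECT status FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username); // bound as a parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("status") : null;
            }
        }
    }
}
```

`findStatus` takes any JDBC `Connection`; the allow-list pattern should be adjusted to whatever the parameter legitimately contains (a free-text search field, for instance, needs a looser pattern but still no concatenation).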
Medium: credential enumeration through login error messages
Remedy: show the same message for every login failure.
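A uniform message is only half of the remedy: if the server skips the password check when the username does not exist, the faster response still reveals which accounts are real. The added example below (not from the original page) returns one fixed message and does the same amount of work on both failure paths. The in-memory user store, the fixed salt and the test account are constructed for illustration; a real deployment uses per-user salts and a persistent store.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Added example, not from the original page. The in-memory store, the fixed
 * salt and the test account are constructed for illustration only.
 */
public class LoginService {

    /** One text for every failure: unknown user, wrong password, disabled account. */
    public static final String GENERIC_FAILURE = "Invalid username or password";

    private static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    private static final int ITERATIONS = 100_000;

    private final Map<String, byte[]> store = new HashMap<>();
    // Compared against when the user does not exist, so the missing-user path
    // does the same amount of work as the wrong-password path.
    private final byte[] dummyHash = hash("dummy-password");

    public LoginService() {
        store.put("alice", hash("correct horse battery")); // constructed test account
    }

    static byte[] hash(String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, ITERATIONS, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns null on success and GENERIC_FAILURE on any failure. */
    public String login(String username, String password) {
        byte[] stored = store.get(username);
        byte[] target = stored != null ? stored : dummyHash;
        byte[] candidate = hash(password);                         // always computed
        boolean match = MessageDigest.isEqual(target, candidate);  // constant-time compare
        return (match && stored != null) ? null : GENERIC_FAILURE;
    }

    public static void main(String[] args) {
        LoginService svc = new LoginService();
        System.out.println(svc.login("alice", "wrong password"));
        System.out.println(svc.login("nobody", "wrong password"));
        System.out.println(svc.login("alice", "correct horse battery") == null ? "login ok" : "unexpected");
    }
}
```

Both failing calls in `main` produce the identical `GENERIC_FAILURE` text and go through the same PBKDF2 computation; the detailed reason can still be written to the server log for operators, just not returned to the client.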
Low: Flash parameter AllowScriptAccess is set to always
Change
<param name="allowscriptaccess" value="always" />
to
<param name="allowscriptaccess" value="sameDomain" />
Low: cacheable SSL page found
Add the following tags inside <head></head>:
<meta http-equiv="Cache-Control" content="no-store" />
<meta http-equiv="Pragma" content="no-cache" />
Or add the following code:
<%
// disable page caching
response.setHeader("Cache-Control", "no-store"); // HTTP 1.1
response.setHeader("Pragma", "no-cache"); // HTTP 1.0
response.setDateHeader("Expires", 0); // prevents caching at the proxy server
%>
Low: query parameters in an SSL request
Change the submission method to POST so the values are carried in the request body rather than in the URL.
Low: missing cross-frame scripting defence
Add X-Frame-Options to the HTTP response headers:
<%
// Frames that load the current page may only come from the same origin, preventing cross-frame scripting (clickjacking)
response.addHeader("X-Frame-Options", "SAMEORIGIN");
%>
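Setting the cache headers and X-Frame-Options in a scriptlet works for one JSP, but a page that is forgotten stays cacheable or frameable. The added example below (not from the original page) applies both the cache directives from the "cacheable SSL page" finding and the frame restriction from the "cross-frame scripting" finding to every response in one servlet filter; it also goes one step beyond the page by adding the `Content-Security-Policy: frame-ancestors` header that current browsers use in place of X-Frame-Options. It assumes the Servlet 3.0 `javax.servlet` API; on Jakarta EE 9 and later the package is `jakarta.servlet`.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example, not from the original page. Applies the headers from the
 * cacheable-SSL-page and cross-frame-scripting findings to every response.
 * Servlet 3.0 (javax.servlet) API assumed.
 */
@WebFilter(urlPatterns = "/*")
public class SecurityHeadersFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to configure
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Headers must be set before the chain runs, because a JSP may
            // commit the response and later setHeader calls are then ignored.
            // Same directives as the page's scriptlet: HTTP/1.1, HTTP/1.0 and proxies.
            http.setHeader("Cache-Control", "no-store");
            http.setHeader("Pragma", "no-cache");
            http.setDateHeader("Expires", 0);
            // Only same-origin pages may frame this response.
            http.setHeader("X-Frame-Options", "SAMEORIGIN");
            // CSP equivalent honoured by current browsers; keeping both covers old and new.
            http.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

Static assets that should stay cacheable can be excluded by narrowing `urlPatterns`; the `X-Frame-Options` and `frame-ancestors` headers are harmless on those and can stay on everything.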