by ·2条评论

流传的移除XSS攻击的php函数

The goal of this function is to be a generic function that can be used to parse almost any input and render it XSS safe. For more information on actual XSS attacks, check out http://ha.ckers.org/xss.html. Another excellent site is the XSS Database which details each attack and how it works.

<?php
/**
 * Usage: Run *every* variable passed in through it.
 * The goal of this function is to be a generic function that can be used to
 * parse almost any input and render it XSS safe. For more information on
 * actual XSS attacks, check out http://ha.ckers.org/xss.html. Another
 * excellent site is the XSS Database which details each attack and how it
 * works.
 *
 * Used with permission by the author.
 * URL: http://quickwired.com/smallprojects/php_xss_filter_function.php
 *
 * License:
 * This code is public domain, you are free to do whatever you want with it,
 * including adding it to your own project which can be under any license.
 *
 * $Id: RemoveXSS.php 2663 2007-11-05 09:22:23Z ingmars $
 *
 * @author	Travis Puderbaugh <kallahar@quickwired.com>
 * @package RemoveXSS
 */
class RemoveXSS {

	/**
	 * Wrapper for the RemoveXSS function.
	 * Removes potential XSS code from an input string.
	 *
	 * Using an external class by Travis Puderbaugh <kallahar@quickwired.com>
	 *
	 * @param	string		Input string
	 * @return	string		Input string with potential XSS code removed
	 */
	function RemoveXSS($val)	{
		// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
		// this prevents some character re-spacing such as <java\0script>
		// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
		$val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);

		// straight replacements, the user should never need these since they're normal characters
		// this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
		$search = 'abcdefghijklmnopqrstuvwxyz';
		$search.= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
		$search.= '1234567890!@#$%^&*()';
		$search.= '~`";:?+/={}[]-_|\'\\';

		for ($i = 0; $i < strlen($search); $i++) {
			// ;? matches the ;, which is optional
			// 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

			// &#x0040 @ search for the hex values
			$val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
			// &#00064 @ 0{0,7} matches '0' zero to seven times
			$val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
		}

		// now the only remaining whitespace attacks are \t, \n, and \r
		$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
		$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
		$ra = array_merge($ra1, $ra2);

		$found = true; // keep replacing as long as the previous round replaced something
		while ($found == true) {
			$val_before = $val;
			for ($i = 0; $i < sizeof($ra); $i++) {
				$pattern = '/';
				for ($j = 0; $j < strlen($ra[$i]); $j++) {
					if ($j > 0) {
						$pattern .= '(';
						$pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
						$pattern .= '|(&#0{0,8}([9][10][13]);?)?';
						$pattern .= ')?';
					}
					$pattern .= $ra[$i][$j];
				}
				$pattern .= '/i';
				$replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
				$val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
				if ($val_before == $val) {
					// no replacements were made, so exit the loop
					$found = false;
				}
			}
		}

		return $val;
	}
}

?>

 

Discuz系统中 防止XSS漏洞攻击,过滤HTML危险标签属性的PHP函数

//屏蔽html
function checkhtml($html) {
	$html = stripslashes($html);
	if(!checkperm('allowhtml')) {

		preg_match_all("/<([^<]+)>/is", $html, $ms);

		$searchs[] = '<';
		$replaces[] = '<';
		$searchs[] = '>';
		$replaces[] = '>';

		if($ms[1]) {
			$allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br
						|p|b|strong|i|u|em|span|ol|ul|li|blockquote
						|object|param|embed';//允许的标签
			$ms[1] = array_unique($ms[1]);
			foreach ($ms[1] as $value) {
				$searchs[] = "<".$value.">";
				$value = shtmlspecialchars($value);
				$value = str_replace(array('\','/*'), array('.','/.'), $value);
				$skipkeys = array(
						'onabort','onactivate','onafterprint','onafterupdate',
						'onbeforeactivate','onbeforecopy','onbeforecut',
						'onbeforedeactivate','onbeforeeditfocus','onbeforepaste',
						'onbeforeprint','onbeforeunload','onbeforeupdate',
						'onblur','onbounce','oncellchange','onchange',
						'onclick','oncontextmenu','oncontrolselect',
						'oncopy','oncut','ondataavailable',
						'ondatasetchanged','ondatasetcomplete','ondblclick',
						'ondeactivate','ondrag','ondragend',
						'ondragenter','ondragleave','ondragover',
						'ondragstart','ondrop','onerror','onerrorupdate',
						'onfilterchange','onfinish','onfocus','onfocusin',
						'onfocusout','onhelp','onkeydown','onkeypress',
						'onkeyup','onlayoutcomplete','onload',
						'onlosecapture','onmousedown','onmouseenter',
						'onmouseleave','onmousemove','onmouseout',
						'onmouseover','onmouseup','onmousewheel',
						'onmove','onmoveend','onmovestart','onpaste',
						'onpropertychange','onreadystatechange','onreset',
						'onresize','onresizeend','onresizestart',
						'onrowenter','onrowexit','onrowsdelete',
						'onrowsinserted','onscroll','onselect',
						'onselectionchange','onselectstart','onstart',
						'onstop','onsubmit','onunload','javascript',
						'script','eval','behaviour','expression',
						'style','class'
					);
				$skipstr = implode('|', $skipkeys);
				$value = preg_replace(array("/($skipstr)/i"), '.', $value);
				if(!preg_match("/^[/|s]?($allowtags)(s+|$)/is", $value)) {
					$value = '';
				}
				$replaces[] = empty($value)?'':"<".str_replace('"', '"', $value).">";
			}
		}
		$html = str_replace($searchs, $replaces, $html);
	}
	$html = addslashes($html);

	return $html;
}

 

by ·0评论

centos7没有ifconfig怎么看ip?

ip addr  #看网卡接口和ip

ip addr add 10.8.8.2.24 dev  网卡名  #临时加ip

centos7没有netstat怎么看网络连接?

ss -ano #看网络连接状态

ss -anl #看网络监听状态

centos7怎么看某个tcp端口是什么进程开的,这个进程的pid是多少?

lsof -i:22 #看tcp22端口

centos7用systemd替换了SysV没有service了改用systemctl后怎么看当前的服务项?

systemctl list-unit-files |grep enabled  #查看当前启用的服务。

systemctl disable 服务名称   #禁止某服务

 

centos7 怎么打开http  tcp 80端口?

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

 

by ·3条评论

 

#安装依赖库
yum -y install mysql-devel libcurl-devel net-snmp-devel Percona-Server-devel-55
#因为我的mysql使用的是percona55 所以这里需要装 Percona-Server-devel-55

#给zabbix在mysql中创建库和用户
create database zabbix character set utf8;
grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix';


#创建zabbix运行的独立用户
groupadd zabbix
useradd zabbix -g zabbix -s /sbin/nologin

#下载编译安装zabbix
wget -O zabbix.tar.gz -c "http://sourceforge.net/projects/zabbix/files/ZABBIX%20Latest%20Stable/2.2.4/zabbix-2.2.4.tar.gz/download"

tar zxvf zabbix.tar.gz
cd zabbix-2.2.4/

./configure --prefix=/usr/local/zabbix --enable-server --enable-agent \
--with-mysql --with-net-snmp --with-libcurl
make install

##编译错误解决
#checking for mysql_config... /usr/bin/mysql_config
#checking for main in -lmysqlclient... no
#configure: error: Not found mysqlclient library
ln -s /usr/lib64/mysql/libmysqlclient.so.16.0.0 /usr/lib64/mysql/libmysqlclient.so
ln -s /usr/lib64/mysql/libmysqlclient_r.so.16.0.0 /usr/lib64/mysql/libmysqlclient_r.so
ln -s /usr/lib64/libmysqlclient.so.16.0.0 /usr/lib64/libmysqlclient.so
ln -s /usr/lib64/libmysqlclient_r.so.16.0.0 /usr/lib64/libmysqlclient_r.so

#导入zabbix的数据库
mysql -uzabbix -pzabbix -hlocalhost zabbix < database/mysql/schema.sql
mysql -uzabbix -pzabbix -hlocalhost zabbix < database/mysql/images.sql
mysql -uzabbix -pzabbix -hlocalhost zabbix < database/mysql/data.sql

#修改配置文件
cp misc/init.d/fedora/core/zabbix_server /etc/init.d/
cp misc/init.d/fedora/core/zabbix_agentd /etc/init.d/
cp -R frontends/php /data/wwwroot/zabbix  #复制web文件到网站目录,替换成你自己的
sed -i 's/^DBUser=.*$/DBUser=zabbix/g' /usr/local/zabbix/etc/zabbix_server.conf
sed -i 's/^.*DBPassword=.*$/DBPassword=zabbix/g' /usr/local/zabbix/etc/zabbix_server.conf
sed -i 's/BASEDIR=\/usr\/local/BASEDIR=\/usr\/local\/zabbix/g' /etc/init.d/zabbix_server
sed -i 's/BASEDIR=\/usr\/local/BASEDIR=\/usr\/local\/zabbix/g' /etc/init.d/zabbix_agentd

#增加服务端口<br>
cat >>/etc/services <<EOF
zabbix-agent 10050/tcp #Zabbix Agent
zabbix-agent 10050/udp #Zabbix Agent
zabbix-trapper 10051/tcp #Zabbix Trapper
zabbix-trapper 10051/udp #Zabbix Trapper
EOF

#启动服务
/etc/init.d/zabbix_server start
/etc/init.d/zabbix_agentd start
chkconfig zabbix_server on   #开机启动启动服务
#chkconfig zabbix_agentd on  #被控端
#echo "/etc/init.d/zabbix_server start" >> /etc/rc.local
#echo "/etc/init.d/zabbix_agentd start" >> /etc/rc.local

问题处理

zabbix_server  不能监听端口tcp  10051 ?

打开日志 cat /tmp/zabbix_server.log

1635:20140706:015834.413 [Z3001] connection to database ‘zabbix’ failed: [2002] Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)
1635:20140706:015834.413 Database is down. Reconnecting in 10 seconds.

看来是mysql sock错误了。 找到 #DBSocket=/tmp/mysql.sock 去掉前面的#注释即可。

zabbix2.2.4 web中 语言没有中文可选?

1、服务器端找到 zabbix/include/ locales.inc.php 文件

2、修改 locales.inc.php内容为:’zh_CN’ => array(‘name’ => _(‘Chinese (zh_CN)’),        ‘display’ => true),

       默认是false,所以不显示Chinese(zh_CN)。保存退出。

by ·0评论

使用pyenv管理安装Python多版本共存

安装pyenv

安装依赖库

yum -y install readline readline-devel readline-static openssl openssl-devel openssl-static sqlite-devel bzip2-devel bzip2-libs automake gcc git

git克隆安装pyenv

git clone git://github.com/yyuu/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL -l

安装Python

查看可安装的版本

pyenv install --list

 

安装指定版本

安装 python2.7.7 和 python3.4.1

pyenv install 2.7.7
pyenv install 3.4.1

 

更新数据库

安装完成之后需要对数据库进行更新:

 pyenv rehash

 

设置全局的python版本

pyenv global 2.7.7
pyenv versions
system
* 2.7.7 (set by /root/.pyenv/version)
3.4.1

 

当前全局的python版本已经变成了2.7.7。
也可以使用pyenv local或pyenv shell临时改变python版本。
使用 pyenv global system 切换为系统自带。

确认python版本

python
Python 2.7.7 (default, Jun 24 2014, 07:50:02) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>

 

使用python

输入python即可使用新版本的python;
系统命令会以/usr/bin/python的方式直接调用老版本的python;
使用pip安装第三方模块时会安装到~/.pyenv/versions/2.7.7下,不会和系统模块发生冲突。

 

安装ipython

pip install readline ipython

 

主要参考斌爷的博客: http://opslinux.com/python_viode_1.html

by ·2条评论

2014年6月5日OpenSSL.org官方发布OpenSSL存在诸多漏洞。这些漏洞可能导致中间人攻击,拒绝服务,任意代码执行,会话注入数据等威胁,严重影响到网站的安全。

官网详细信息看这里 http://www.openssl.org/news/secadv_20140605.txt

修复漏洞有:

SSL/TLS MITM vulnerability (CVE-2014-0224)
DTLS recursion flaw (CVE-2014-0221)
DTLS invalid fragment vulnerability (CVE-2014-0195)
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
Anonymous ECDH denial of service (CVE-2014-3470)

 

Centos /Redhat 系统,官网制作最新的openssl rpm包速度是非常快的. 有现成的官方rpm包,没必要去编译安装.

 

#yum 升级 openssl

yum -y update openssl openssl-devel


#确定是否已经是最新修复了openssl漏洞的版本, 检查openssl 的 rpm changelog

rpm -q --changelog openssl |grep -E "2014|CVE-2010-5298"


#* Mon Jun 02 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.14

#- fix CVE-2010-5298 - possible use of memory after free
#- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
#- fix CVE-2014-0198 - possible NULL pointer dereference
#- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
#- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
#- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
#* Mon Apr 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.7
#- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension  包括之前的心脏出血漏洞修复
#* Tue Jan 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.4
#* Mon Jan 06 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.3
# 可以看到最新漏洞都通通修复了~


#虽然openssl看到的版本号没变,但是已经是最新漏洞修复版本了,看看 编译时间

openssl version -a

#OpenSSL 1.0.1e-fips 11 Feb 2013
#built on: Thu Jun 5 12:49:27 UTC 2014
#platform: linux-elf
#options: bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx)
#compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -#fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -Wa,--noexecstack -DPURIFY -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -#DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
#OPENSSLDIR: "/etc/pki/tls"
#engines: dynamic

 

by ·0评论

下载安装VirtualBox和Vagrant

要使用Vagrant需要先安装依赖支持的VirtualBox。下一步,下一步默认安装完成2个软件。

下载安装 VirtualBox 官网:https://www.virtualbox.org/

下载安装 Vagrant 官网:http://www.vagrantup.com/

 

配置使用Vagrant 安装 kali linux

http://www.vagrantbox.es/ 这里提供了超全的linux系统预制box包。已经给你搞好系统了,任君选取所需,我这里选kali linux

先用迅雷把http://ftp.sliim-projects.eu/boxes/kali-linux-1.0-amd64.box

下载好,放入你的工作目录如D:\Vagrant

增加box

vagrant  box add base kali-linux-1.0-amd64.box

初始化

vagrant init

 

D:\Vagrant>vagrant  box add base kali-linux-1.0-amd64.box
==> box: Adding box ‘base’ (v0) for provider:
    box: Downloading: file://D:/Vagrant/kali-linux-1.0-amd64.box
    box: Progress: 100% (Rate: 65.2M/s, Estimated time remaining: –:–:–)
==> box: Successfully added box ‘base’ (v0) for ‘virtualbox’!

D:\Vagrant>vagrant init
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.

Vagrantfile配置

打开目下的Vagrantfile配置文件

网络配置

Vagrant的网络有三种模式

1、端口映射方式,映射虚拟机中端口到宿主机

config.vm.network :forwarded_port, guest: 80, host: 8080

guest: 80 表示虚拟机中的80端口, host: 8080 表示映射到宿主机的8080端口。

2、私有网络

config.vm.network :private_network, ip: "192.168.1.104"

192.168.1.104 表示虚拟机的IP,多台虚拟机的话需要互相访问的话,设置在相同网段即可

3、桥接

config.vm.network :public_network

这样一个广播域的dhcp就可以分配ip了

目录映射

默认情况下,当前的工作目录,会被映射到虚拟机的 /vagrant 目录,当前目录下的文件可以直接在 /vagrant 下进行访问

也可以自己根据需要映射下

config.vm.synced_folder "work1/", "/data1"

前面的参数 “work1/”  表示的是本地的路径,这里使用对于工作目录的相对路径,这里也可以使用绝对路径,比如: “D:\Vagrant\work1”

启动

set VBOX_INSTALL_PATH=%VBOX_MSI_INSTALL_PATH%

vagrant up –provider=virtualbox

常用管理命令

vagrant up (启动虚拟机)
vagrant halt (关闭虚拟机——对应就是关机)
vagrant suspend (暂停虚拟机——只是暂停,虚拟机内存等信息将以状态文件的方式保存在本地,可以执行恢复操作后继续使用)
vagrant resume (恢复虚拟机 —— 与前面的暂停相对应)
vagrant destroy (删除虚拟机,删除后在当前虚拟机所做进行的除开Vagrantfile中的配置都不会保留)

参考来源

使用Vagrant在Windows下部署开发环境