Tema: ¿Cómo implementar el código de GatorV para XSS?
Ver Mensaje Individual
  #2 (permalink)  
Antiguo 17/11/2012, 13:53
Avatar de rottenp4nx
rottenp4nx
 
Fecha de Ingreso: octubre-2012
Ubicación: Santiago
Mensajes: 417
Antigüedad: 11 años, 6 meses
Puntos: 36
Respuesta: ¿Cómo implementar el código de GatorV para XSS?
puedes ocupar htmlentities o strip_tags

En internet puedes encontrar otras funciones manuales de php que hacen usuarios, esta la encontré en el foro

Código PHP: 
Ver original
  1. <?php
  2. class Filter_Xss
  3. {
  4. * * /**
  5. * * ** Remove XSS attacks that came in the input
  6. * * **
  7. * * ** Function taken from:
  8. * * ** http://quickwired.com/smallprojects/php_xss_filter_function.php
  9. * * ** and alter to use in application
  10. * * **
  11. * * ** @param string $value The value to filter
  12. * * ** @return string 
  13. * * **/
  14. * * public function filterXss($params, $returnStr = false)
  15. * * {
  16. * * * * $params = is_array($params) ? $params : array($params);
  17. *
  18. * * * * foreach($params as $key => $val){
  19. * * * * * * if(!is_array($val)){
  20. * * * * * * * * /**
  21. * * * * * * * * ** remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
  22. * * * * * * * * ** this prevents some character re-spacing such as <java\0script>
  23. * * * * * * * * ** note that you have to handle splits with \n, \r, and \t later since
  24. * * * * * * * * ** they *are* allowed in some inputs
  25. * * * * * * * * **/
  26. * * * * * * * * $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
  27. *
  28. * * * * * * * * /**
  29. * * * * * * * * ** straight replacements, the user should never need these since they're normal characters
  30. * * * * * * * * ** this prevents like 
  31. * * * * * * * * ** <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
  32. * * * * * * * * **/
  33. * * * * * * * * $search = 'abcdefghijklmnopqrstuvwxyz';
  34. * * * * * * * * $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  35. * * * * * * * * $search .= '1234567890!@#$%^&*()';
  36. * * * * * * * * $search .= '~`";:?+/={}[]-_|\'\\';
  37. * * * * * * * * for($i = 0; $i < strlen($search); $i++){
  38. * * * * * * * * * * /**
  39. * * * * * * * * * * ** ;? matches the ;, which is optional
  40. * * * * * * * * * * ** 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
  41. * * * * * * * * * * **/
  42. *
  43. * * * * * * * * * * /**
  44. * * * * * * * * * * ** &#x0040 @ search for the hex values
  45. * * * * * * * * * * **/
  46. * * * * * * * * * * $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
  47. * * * * * * * * * * /**
  48. * * * * * * * * * * ** &#00064 @ 0{0,7} matches '0' zero to seven times
  49. * * * * * * * * * * **/
  50. * * * * * * * * * * $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
  51. * * * * * * * * }
  52. *
  53. * * * * * * * * /**
  54. * * * * * * * * ** now the only remaining whitespace attacks are \t, \n, and \r
  55. * * * * * * * * **/
  56. * * * * * * * * $ra1 = array(
  57. * * * * * * * * * * 'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link',
  58. * * * * * * * * * * 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer',
  59. * * * * * * * * * * 'layer', 'bgsound', 'title', 'base'
  60. * * * * * * * * );
  61. * * * * * * * * $ra2 = array(
  62. * * * * * * * * * * 'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
  63. * * * * * * * * * * 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
  64. * * * * * * * * * * 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange',
  65. * * * * * * * * * * 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
  66. * * * * * * * * * * 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate',
  67. * * * * * * * * * * 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop',
  68. * * * * * * * * * * 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout',
  69. * * * * * * * * * * 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture',
  70. * * * * * * * * * * 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover',
  71. * * * * * * * * * * 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange',
  72. * * * * * * * * * * 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter',
  73. * * * * * * * * * * 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange',
  74. * * * * * * * * * * 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'
  75. * * * * * * * * );
  76. * * * * * * * * $ra = array_merge($ra1, $ra2);
  77. *
  78. * * * * * * * * $found = true; // keep replacing as long as the previous round replaced something
  79. * * * * * * * * while($found){
  80. * * * * * * * * * * $val_before = $val;
  81. * * * * * * * * * * for($i = 0; $i < sizeof($ra); $i++){
  82. * * * * * * * * * * * * $pattern = '/';
  83. * * * * * * * * * * * * for($j = 0; $j < strlen($ra[$i]); $j++){
  84. * * * * * * * * * * * * * * if($j > 0){
  85. * * * * * * * * * * * * * * * * $pattern .= '(';
  86. * * * * * * * * * * * * * * * * $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
  87. * * * * * * * * * * * * * * * * $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
  88. * * * * * * * * * * * * * * * * $pattern .= ')?';
  89. * * * * * * * * * * * * * * }
  90. * * * * * * * * * * * * * * $pattern .= $ra[$i][$j];
  91. * * * * * * * * * * * * }
  92. * * * * * * * * * * * * $pattern .= '/i';
  93. * * * * * * * * * * * * $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
  94. * * * * * * * * * * * * $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
  95. * * * * * * * * * * * * if($val_before == $val){
  96. * * * * * * * * * * * * * * /**
  97. * * * * * * * * * * * * * * ** no replacements were made, so exit the loop
  98. * * * * * * * * * * * * * * **/
  99. * * * * * * * * * * * * * * $found = false;
  100. * * * * * * * * * * * * }
  101. * * * * * * * * * * }
  102. * * * * * * * * }
  103. * * * * * * }
  104. * * * * * * $params[$key] = is_array($val) ? $this->filterXss($val) : $val;
  105. * * * * }
  106. *
  107. * * * * return $returnStr ? $params[0] : $params;
  108. * * }
  109. *
  110. * * /**
  111. * * ** Remove XSS attacks and remove tags and extra white spaces
  112. * * ** that came in the input before and after
  113. * * ** 
  114. * * ** @param string|array $params The value to filter
  115. * * ** @param bool Set this if you want to return string value
  116. * * ** @return string|array
  117. * * **/
  118. * * public function realEscapeString($params, $returnStr = false)
  119. * * {
  120. * * * * /**
  121. * * * * ** Check for XSS atacks
  122. * * * * **/
  123. * * * * $params = $this->filterXss($params, $returnStr);
  124. *
  125. * * * * $params = is_array($params) ? $params : array($params);
  126. *
  127. * * * * foreach($params as $k => $v){
  128. * * * * * * /**
  129. * * * * * * ** Recursive, re-send all values that are arrays
  130. * * * * * * **/
  131. * * * * * * if(is_array($v)){
  132. * * * * * * * * $params[$k] = $this->realEscapeString($v);
  133. * * * * * * * * continue;
  134. * * * * * * }
  135. * * * * * * /**
  136. * * * * * * ** Decode all hexadecimal values (urldecode and html_entity_decode)
  137. * * * * * * ** Clean up all values (strip_tags)
  138. * * * * * * ** Erase all white space before and after string (trim)
  139. * * * * * * **/
  140. * * * * * * $params[$k] = urldecode($v);
  141. * * * * * * $params[$k] = html_entity_decode($params[$k]);
  142. * * * * * * $params[$k] = strip_tags($params[$k]);
  143. * * * * * * $params[$k] = trim($params[$k]);
  144. * * * * }
  145. *
  146. * * * * return $returnStr ? $params[0] : $params;
  147. * * }
  148. }
  149. *
  150. //Uso
  151. $filter = new Filter_Xss();
  152. $values = $filter->filterXss($_POST);
  153. var_dump($values);
  154. *
  155. // Sin HTML
  156. $filter = new Filter_Xss();
  157. $values = $filter->realEscapeString($_POST);
  158. var_dump($values);
  159. *
  160. *
  161. // Filtrar un campo y devolver resultado tipo string
  162. $filter = new Filter_Xss();
  163. $values = $filter->filterXss($_POST['foo'], true);
  164. var_dump($values);
  165. *
  166. // Sin HTML
  167. $filter = new Filter_Xss();
  168. $values = $filter->realEscapeString($_POST['foo'], true);
  169. var_dump($values);

Saludos