尝试利用? [英] Attempted exploit?
问题描述
我看到我的nopCommerce网站记录了以下内容的搜索:
I saw that my nopCommerce site had a logged search for:
ADw-script AD4-alert(202) ADw-/script AD4-
尽管他们想完成什么,但我有点好奇.我搜索了一下,似乎ADw-script AD4-
用UTF7编码为<script>
.但是为什么alert(202)
?
I'm a bit curious though what they were trying to accomplish. I searched a bit for it and appearently the ADw-script AD4-
encodes in UTF7 to <script>
. But why the alert(202)
?
他们只是在检查漏洞吗?
Were they just checking for vulnerabilities?
记录了更多的黑客攻击尝试,我在这里提出了一个关于它们的新问题:
More hacking attemps was logged and I made a new question about them here: Hacking attempt, what were they trying to do and how can I check if they succeeded?
推荐答案
有人正在检查您是否具有UTF-7注入漏洞以供日后利用. UTF-7仅使用通常认为无害的字符.您是否总是在HTML中使用元字符集?
Someone is checking if you have a UTF-7 injection vulnerability to exploit it later. UTF-7 uses only characters that are usually not considered harmful. Do you always use meta charset in your HTML?
始终在HTML中使用尽可能高的元字符集,如下所示:
Always use meta charset as high as possible in your HTML, like this:
<!doctype html>
<html lang="en-us">
<head>
<meta charset="utf-8">
...
您将不必担心基于UTF-7的XSS攻击.
and you won't have to worry about UTF-7 based XSS attacks.
这篇关于尝试利用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!