尝试利用? [英] Attempted exploit?

问题描述

我看到我的nopCommerce网站记录了以下内容的搜索:

I saw that my nopCommerce site had a logged search for:

ADw-script AD4-alert(202) ADw-/script AD4-

尽管他们想完成什么，但我有点好奇.我搜索了一下，似乎ADw-script AD4-用UTF7编码为<script>.但是为什么alert(202)?

I'm a bit curious though what they were trying to accomplish. I searched a bit for it and appearently the ADw-script AD4- encodes in UTF7 to <script>. But why the alert(202)?

他们只是在检查漏洞吗?

Were they just checking for vulnerabilities?

记录了更多的黑客攻击尝试，我在这里提出了一个关于它们的新问题:

More hacking attemps was logged and I made a new question about them here: Hacking attempt, what were they trying to do and how can I check if they succeeded?

推荐答案

有人正在检查您是否具有UTF-7注入漏洞以供日后利用. UTF-7仅使用通常认为无害的字符.您是否总是在HTML中使用元字符集?

Someone is checking if you have a UTF-7 injection vulnerability to exploit it later. UTF-7 uses only characters that are usually not considered harmful. Do you always use meta charset in your HTML?

始终在HTML中使用尽可能高的元字符集，如下所示:

Always use meta charset as high as possible in your HTML, like this:

<!doctype html>  
<html lang="en-us">
<head>
  <meta charset="utf-8">
  ...

您将不必担心基于UTF-7的XSS攻击.

and you won't have to worry about UTF-7 based XSS attacks.

这篇关于尝试利用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！