Mangled URL Parameters in IE9

Problem description

I'm seeing mangled URL parameters coming from IE9 desktop clients. The links are sent via email, and all of the mangled URLs come from the plain-text version of the email.

I'm almost sure that it has nothing to do with my stack (django, nginx, mandrill). The values for the parameters have characters exactly transposed. The original character is the mangled one minus 13 places (e.g. rznvy_cynva = email_plain, ubgryfpbz = hotelscom).

Here is one example of a mangled request that came through:

GET /book/48465?sid=rznvy_cynva&order=q09362qs55-741722-442521-98n2-n88s4nnr87192n&checkOut=07-17-15&affiliate=ubgryfpbz&checkIn=07-16-15 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 




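  • All requests with mangled URLs have the same user agent as the example.
  • The IP addresses associated with the mangled URLs are not limited to any location.

  • Looking at the user agent, this seems to be limited to desktop Windows 7, IE9 users.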

Recommended answer

    It is anti-malware software on your recipients' computers. It gets the links and scans your pages for any possible vulnerabilities. It uses rot13 obfuscation to ensure that it doesn't take any unwanted actions ("buy now", etc.).

    https://security.stackexchange.com/questions/48684/help-investigating-potential-website-attack-url-rewriting-and-rot-13-obfuscatio

    The solution is to track down what anti-malware software / company is performing the scans, and get your site whitelisted if possible.
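
Added example, not part of the original question or answer: a Python check that flags logged requests whose parameters are invalid as received but become valid after ROT13 decoding, which separates scanner fetches from real clicks. The allow-list values and the log line come from the question; the order-id format and all function names are assumptions.

```python
import codecs
import re
from urllib.parse import parse_qsl, urlsplit

# Allow-list of values the site issues (assumed; both values are from the question).
KNOWN_VALUES = {"sid": {"email_plain"}, "affiliate": {"hotelscom"}}
# Assumed order-id format: lowercase hex groups joined by dashes.
ORDER_ID = re.compile(r"[0-9a-f]+(-[0-9a-f]+)+")
REQUEST = re.compile(r"(?:GET|POST|HEAD) (\S+) HTTP/")

# Request line taken from the question's access-log entry.
SAMPLE = ('GET /book/48465?sid=rznvy_cynva&order=q09362qs55-741722-442521-98n2-'
          'n88s4nnr87192n&checkOut=07-17-15&affiliate=ubgryfpbz&checkIn=07-16-15 '
          'HTTP/1.1" 302 5 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; '
          'WOW64; Trident/5.0)"')


def is_valid(name, value):
    """True/False for parameters we can validate, None for the rest."""
    if name in KNOWN_VALUES:
        return value in KNOWN_VALUES[name]
    if name == "order":
        return ORDER_ID.fullmatch(value) is not None
    return None


def mangled_params(log_line):
    """Return {param: decoded} for values invalid as received but valid after ROT13."""
    match = REQUEST.search(log_line)
    if not match:
        return {}
    found = {}
    for name, value in parse_qsl(urlsplit(match.group(1)).query):
        decoded = codecs.decode(value, "rot_13")
        # Flag only when the raw value fails validation and the decoded one passes.
        if is_valid(name, value) is False and is_valid(name, decoded):
            found[name] = decoded
    return found


if __name__ == "__main__":
    print(mangled_params(SAMPLE))
```

Requests flagged this way can be excluded from click and conversion metrics, and their user agent and source addresses help identify the scanning product for the whitelisting request the answer suggests.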
